Security's Symbiosis
"In a recent paper titled "Teaching an Old Dog New Tricks," security guru Marcus Ranum argues that independent "security researchers" who spend their time constantly looking for security bugs are a drain on the security community. He even has a name for these people: vulnerability pimps.
He thinks that if these people were really serious about security they would join product security teams at the vendors and eschew their 15 seconds of fame on CNN or at DEFCON.
Marcus does not approve of releasing any information at all about bugs that will place people at risk, regardless of other reasons. And he practices what he preaches. When he recently used Fortify to discover a number of exploitable buffer overflows in the venerable fwtk firewall toolkit (which he helped to create back in the Pleistocene era), he didn't gleefully run to the press or even write the exploits up for bugtraq. Instead, he contacted the owners of the appropriate modules and told them what he had found. "
This article touches on MANY good points and is well worth the read.
Article Link: http://www.darkreading.com/document.asp?doc_id=118174
Comments
You can follow this conversation by subscribing to the comment feed for this post.
All Comments are Moderated and will be delayed!
Post a comment