RE: Security researchers organization

From: Jeremy Epstein (jeremy.epstein_at_webmethods.com)
Date: 11/19/03

    To: bugtraq@securityfocus.com, ntbugtraq@ntbugtraq.com
    Date: Wed, 19 Nov 2003 09:37:46 -0800
    
    

    I like the idea of this, but am concerned by the terminology.

    <flame-bait>
    What's being proposed is an organization of *vulnerability* researchers.
    There are MANY other kinds of security researchers, including those who
    design new forms of access controls, security models, intrusion detection
    systems, security tools, etc. Security researchers publish results in
    peer-reviewed conferences and journals, and their goal is to improve
    understanding of security and provide mechanisms and tools.

    Vulnerability researchers are focused on finding vulnerabilities in existing
    software, which is a valuable contribution. While there's substantial
    overlap in end goals, they (mostly) don't design security systems. And they
    very rarely publish results in peer-refereed conferences and journals.

    So in defining this organization, let's not call it something it isn't. One
    isn't better or worse than the other, but they're not the same thing.
    </flame-bait>

    --Jeremy

