RE: Security researchers organization

From: Jeremy Epstein (
Date: 11/19/03

  • Next message: 3APA3A: "Half Life dedicated server information leak and DoS"
    Date: Wed, 19 Nov 2003 09:37:46 -0800

    I like the idea of this, but am concerned by the terminology.

    What's being proposed is an organization of *vulnerability* researchers.
    There are MANY other kinds of security researchers, including those who
    design new forms of access controls, security models, intrusion detection
    systems, security tools, etc. Security researchers publish results in
    peer-reviewed conferences and journals, and their goal is to improve
    understanding of security and provide mechanisms and tools.

    Vulnerability researchers are focused on finding vulnerabilities in existing
    software, which is a valuable contribution. While there's substantial
    overlap in end goals, they (mostly) don't design security systems. And they
    very rarely publish results in peer-refereed conferences and journals.

    So in defining this organization, let's not call it something it isn't. One
    isn't better or worse than the other, but they're not the same thing.


  • Next message: 3APA3A: "Half Life dedicated server information leak and DoS"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #165
      ... Tenable Security ... distribute, manage, and communicate vulnerability and intrusion detection ... Microsoft Internet Explorer MHTML Forced File Execution Vuln... ...
    • SecurityFocus Microsoft Newsletter #174
      ... This issue sponsored by: Tenable Network Security ... the worlds only 100% passive vulnerability ... MICROSOFT VULNERABILITY SUMMARY ... Novell Netware Enterprise Web Server Multiple Vulnerabilitie... ...
    • [NT] Cumulative Security Update for Internet Explorer (MS04-038)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: ... Get your security news from a reliable source. ... CSS Heap Memory Corruption Vulnerability, ... Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ...
    • SecurityFocus Microsoft Newsletter #171
      ... Better Management for Network Security ... GoodTech Telnet Server Remote Denial Of Service Vulnerabilit... ... ASPApp PortalAPP Remote User Database Access Vulnerability ...
    • SecurityFocus Microsoft Newsletter #160
      ... MICROSOFT VULNERABILITY SUMMARY ... Geeklog Forgot Password SQL Injection Vulnerability ... Atrium Software Mercur Mailserver IMAP AUTH Remote Buffer Ov... ... Sun Java Virtual Machine Slash Path Security Model Circumven... ...