Re: death of the security community

Hi Odabo,

Albeit you've made a fair point, please keep in mind that there is plenty of forums, interest groups, mailing lists, etc., in which professionals that DO make a living out of this gather to exchange and/or share information.
In what it respects to me, two main reasons keep me from participating more.
The first one, incredibly, is the least restrictive: NDAs with customers. I never disclose or discuss anything related to my customer, but I do discuss security and vulnerabilities, for as long as those can not be traced back to them. In practice I've never been in conflict with NDA terms.
The second one is lack of time. I simply don't have the time to post here and in other places as much as I would like, but this is also because I've life outside the office.
However, I still put some humble effort into OISSG, that gathers many field experts together, and as proof of their effort and dedication you can see how our document ISSAF is evolving. No matter how complete/complex it'll become, it'll stay as a free download. We have jobs, but we also have this as our hobby and our way to give back to the community, who give us a lot in the first place.
If at any time whatever I'm involved in a not-job-related way becomes an exclusively commercial adventura, I'll definitely switch to another free environment.
You only need to read the mailing lists here at SecurityFocus. Do you think the people who sometimes answers with JEWELS of wisdom are paid for that? ;-)

Miguel Dilaj
Vice-President of IT Security Research, OISSG

buriedanonymous@xxxxxxxxx wrote:
I seem not to understand what is happening to the security community..The profit and earning a living of the expert in the field is going to lead to the death of the security community.Now full disclosure movement is getting to be commercial disclosure, whereby each security community wants to expliot you to pay them to even get the latest vulnerability report and expliot,even when you need it to penetrate your server before the bad guy does.Which doesnt aid the people of the basics but even helps the scriptkiddie community(the greatest fear we face)I hope attention is given to these...and d fathers of d security comm' should have a re think, cos the continuity of the pursue of profit would bring the security of the internet wide as an open gate.


The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.