Donkey On A Waffle
Vulnerability Discovery - A popularity contest
Wed, 18 Feb 2009 10:00

I just read a new blog post on The Top Ten Vulnerability Discoverers of All Time - by Gunter Ollmann at the Frequency X Blog. I have the utmost respect for the X-Force folks; many of the best researchers and security practitioners in the world today have come from this camp over the course of the last 15+ years. And to be completely honest, I understand why this information would be of interest to the blog readers (I probably would have published it as well had I owned it). However, I hate what it represents...

At one point in history, vulnerability research and discovery was about fixing the bugs and stopping the bad guys from abusing the holes. Somewhere along the line it became a game of "I'm cooler... I found the most interesting flaw!". And finally, as if that wasn't bad enough, it appears as if the latest bragging right is "I found the MOST flaws!". My thoughts on this are... "Who Cares?!". Let's get back to fixing things because it's the right thing to do. Let's get back to working with the vendors to make the computing world safer. Let's stop worrying about flaw counts and who's the most uber. Sadly... I don't think we can go back in time - R.I.P. the good old days.
