[Dailydave] Buy a security trinket today!
dave
immunitysec.com
Date: Fri May 23 2003 - 10:33:32 CDT
Here's a quote from RFP's new website:
http://www.wiretrip.net/rfp/txt/evolution.txt
"""
I've had a lot of good moments in the past few years in this industry, and
I'm sure there's still a few more to be had. I will still be around, my
research will still continue, and development of libwhisker will still
happen. But the days of free security research for the sake of free
security research are numbered, if not completely over already.
Don't lose sight of security. Security is a state of being, not a state
of budget. He with the most firewalls still does not win. Put down that
honeypot and keep up to date on your patches. Demand better security from
vendors and hold them responsible. Use what you have, and make sure you
know how to use it properly and effectively.
...
"""
I think the day when Microsoft or Sun or HP or any of the big houses could
use the security community as a pot of free quality assurance engineers is
over, and should be over. It's just insulting to have them send lawyers
after people for software licenses and at the same time expect this kind
of free work. So in this sense, I think the days where security research
was defined by "Advisories" are long over, and good riddance. Most
advisories (this means you) have the same freshness and general benefit to
the world as another story about the Israeli conflict on CNN. They neither
inform nor entertain or even shock. Nowadays they are simply a filler
in-between bands of advertising. "Please buy our services, scanner, or
shiny rocks of security goodness!"
Immunity is guilty of this as well, of course, but I did it without the
illusion that I was doing anything but adding to the general noise level.
More and more often, as the security community closes off free access to
information, exploits will be released primarily through hackers getting
bored of them and either worming them, or using them to root a hundred
inconsequential targets.
This is a good thing. A perfect information system is too easily the right
arm of tyranny. The world could use a bit of transparency in the system.
As the next lobbyist emails out a word of thanks for a bought vote, I want
him to know that somewhere, the public is watching. Each new worm is our
advisory of that fact.
Dave Aitel
VP Quality Assurance
Immunity, Inc.