Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [Dailydave] What is the state of vulnerability research?

From: MindsX (mindsxgmail.com)
Date: Thu Feb 16 2006 - 10:17:36 CST

<White Noise>

Sorry... too cynical... could not stop myself....

MITRE's Centers of Technical Excellence

Our Centers of Technical Excellence are centralized areas in which we build
knowledge of key technologies. They act as a resource for the company by
providing experts to support hundreds of projects across MITRE. Staff
members in each center focus on developing a technical discipline—they
maintain knowledge about current practices and technologies and pursue
leading-edge development so that they can identify future technologies that
will be important to the company and our customers. Experts from these
centers bring knowledge to the projects, their colleagues, and customers.
And they bring back knowledge to the center about how technology is being
used in the field and what the customers might need next.
Following is a list of our Centers of Technical Excellence and their core
areas of focus.

*Information Security

   - Applied Secure Systems Engineering
   - Enterprise Security Solutions
   - Secure Information Technology
   - Secure Distributed Computing
   - Network Security Engineering
   - Secure Technology Solutions


Why do I think Mitre should be coming out with answers, not questions?


On 2/16/06, Steven M. Christey <coleymitre.org> wrote:
> [sorry for the cross-post, but I hold high hopes for a good
> signal-to-noise ratio on dailydave compared to the other lists ;-)]
> This is a series of open questions to people who consider themselves
> to be vulnerability researchers. Hopefully this will open a number of
> fruitful public discussions.
> 1) What is the state of vulnerability research?
> 2) What have researchers accomplished so far?
> 3) What are the greatest challenges that researchers face?
> 4) What, if anything, could researchers accomplish collectively that
> they have not been able to accomplish as individuals?
> 5) Should the ultimate goal of research be to improve computer
> security overall?
> 6) What is an "elite" researcher? Who are the elite researchers?
> 7) Who are the researchers who do not get as much recognition as they
> deserve?
> Why am I asking?
> Because I don't think this topic has been covered quite in this
> fashion, and it's about time it did.
> Feel free to respond to me privately. If I receive more than a couple
> responses, I will post a summary.
> Thanks to James Bercegay, KF, Luigi Auriemma, Matthew Murphy, and Kurt
> Seifried for beta-testing the first 5 questions by providing a variety
> of responses :)
> - Steve
> P.S. If you're further interested in letting your voice be heard,
> check out Richard Forno's disclosure survey at
> http://www.infowarrior.org/survey.html