Re: death of the security community

[Miguel Dilaj <miguel.dilaj () oissg org>]

Hi Odabo,

Albeit you've made a fair point, please keep in mind that there is 
plenty of forums, interest groups, mailing lists, etc., in which 
professionals that DO make a living out of this gather to exchange 
and/or share information.
In what it respects to me, two main reasons keep me from participating more.
The first one, incredibly, is the least restrictive: NDAs with 
customers. I never disclose or discuss anything related to my customer, 
but I do discuss security and vulnerabilities, for as long as those can 
not be traced back to them. In practice I've never been in conflict with 
NDA terms.
The second one is lack of time. I simply don't have the time to post 
here and in other places as much as I would like, but this is also 
because I've life outside the office.
However, I still put some humble effort into OISSG, that gathers many 
field experts together, and as proof of their effort and dedication you 
can see how our document ISSAF is evolving. No matter how 
complete/complex it'll become, it'll stay as a free download. We have 
jobs, but we also have this as our hobby and our way to give back to the 
community, who give us a lot in the first place.
If at any time whatever I'm involved in a not-job-related way becomes an 
exclusively commercial adventura, I'll definitely switch to another free 
environment.
You only need to read the mailing lists here at SecurityFocus. Do you 
think the people who sometimes answers with JEWELS of wisdom are paid 
for that? ;-)
Cheers,

Miguel Dilaj
Vice-President of IT Security Research, OISSG
www.oissg.org



buriedanonymous () yahoo com wrote:
> I seem not to understand what is happening to the security community..The profit and earning a living of the expert in the 
> field is going to lead to the death of the security community.Now full disclosure movement is getting to be commercial 
> disclosure, whereby each security community wants to expliot you to pay them to even get the latest vulnerability report and 
> expliot,even when you need it to penetrate your server before the bad guy does.Which doesnt aid the people of the basics but 
> even helps the scriptkiddie community(the greatest fear we face)I hope attention is given to these...and d fathers of d 
> security comm' should have a re think, cos the continuity of the pursue of profit would bring the security of the 
> internet wide as an open gate.
>
> odabo


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------