Bugtraq mailing list archives
RE: Security researchers organization
From: Jeremy Epstein <jeremy.epstein () webmethods com>
Date: Wed, 19 Nov 2003 09:37:46 -0800
I like the idea of this, but am concerned by the terminology. <flame-bait> What's being proposed is an organization of *vulnerability* researchers. There are MANY other kinds of security researchers, including those who design new forms of access controls, security models, intrusion detection systems, security tools, etc. Security researchers publish results in peer-reviewed conferences and journals, and their goal is to improve understanding of security and provide mechanisms and tools. Vulnerability researchers are focused on finding vulnerabilities in existing software, which is a valuable contribution. While there's substantial overlap in end goals, they (mostly) don't design security systems. And they very rarely publish results in peer-refereed conferences and journals. So in defining this organization, let's not call it something it isn't. One isn't better or worse than the other, but they're not the same thing. </flame-bait> --Jeremy
Current thread:
- Security researchers organization Thor Larholm (Nov 18)
- Re: Security researchers organization Crispin Cowan (Nov 19)
- help needed with DotGNU security review (was Re: ..researchers org..) Norbert Bollow (Nov 21)
- Re: help needed with DotGNU security review (was Re: ..researchers org..) Crispin Cowan (Nov 22)
- help needed with DotGNU security review (was Re: ..researchers org..) Norbert Bollow (Nov 21)
- <Possible follow-ups>
- Re: Security researchers organization http-equiv () excite com (Nov 18)
- Re: Security researchers organization John C Borkowski III (Nov 19)
- Re: Security researchers organization Steven M. Christey (Nov 18)
- FW: Security researchers organization Keving Wong (Nov 18)
- RE: Security researchers organization Jeremy Epstein (Nov 19)
- Re: Security researchers organization Crispin Cowan (Nov 19)