Re: What is the state of vulnerability research?

["Thomas Pollet" <thomas.pollet () gmail com>]

Hi,

> Do you ever wonder about the cut and paste kiddies discovering XSS and SQL
> injection vulnerabilities? Why they find a vuln in a product, then a week
> later another person finds a different vuln in the same version of the
> same product? How could the original person miss it? Easy, because they

Personally I had as much fun 'cut&pasting' 
<script>alert(1337)</script> tags as pushing buttons on ps2 gamepad
while playing ssx. Too bad you don't understand me if I say I have 
some fun in breaking webcodes. I could write a couple of pages about
the stupidity of your elitist behaviour. Why waste time on a troll
post. I am just a hobby hacker, you are the security pro and a future
nobel price laureat. I lose.
Everybody makes mistakes once in a while, but some mistakes are worse
than others.
How do we know the products we use are made by people who want to put
as little mistakes as possible in production? Audit every piece of
code we use to the bone? Check the security history of a product?
Sorry for the rant but I felt insulted, maybe it's the truth in it
that hurts most. Let's make it up with some xss ohdays: WEBInsta
Limbo, DEV web management system, PHPX, e107, phpbb.
If the vuln db's were hitcharts I'd be singing schlagers wearing
lederhosen, and I'm not even German. Good thing I got tired of
'webaudits' anyway. Maybe after all there's life beyond security.

Greets,
Thomas