Dailydave mailing list archives
Re: Re: What is the state of vulnerability research?
From: jnf <jnf () nosec net>
Date: Sat, 18 Feb 2006 12:23:10 -0800 (PST)
5) Should the ultimate goal of research be to improve computer security overall?Excuse me? how much does this _potentially_ tell about the answering researchers ethics? Otherwise this should always be a 'YES' answer - no?
Duh, fixing computer security means most of you folks wouldn't have jobs anymore, and we've proved time and time again that this industry is more concerned with FUD/mass hysteria/the corporate bottom line, than actual security. Don't kid yourself, releasing advisories and exploits doesn't protect john q who probably won't even patch his system, it empowers your greatest money maker. If the goal was secure systems, then why on earth would most networks be soft and mostly unpatched behind corporate firewalls? Look at nearly every big group of people who started off as 'underground researchers', how many of them now are arming generations of both 'black' and 'white' hat idiots with little to no understanding of the tool they're using in order to push up their bottom line by selling another protection? While this speaks volumes upon ones ethics as you suggested, I'm suggesting that if more people answered honestly the answer would be 'no'.
The questions are part of a hidden motive of mine: to serve the public interest (one of MITRE's Corporate Values, by the way [1]).
I am assuming this means that public interest trumps the shareholders bottom line.
Current thread:
- What is the state of vulnerability research? Steven M. Christey (Feb 16)
- Re: What is the state of vulnerability research? MindsX (Feb 16)
- Re: What is the state of vulnerability research? security curmudgeon (Feb 16)
- Re: What is the state of vulnerability research? Thomas Pollet (Feb 18)
- Re: What is the state of vulnerability research? security curmudgeon (Feb 16)
- Re: What is the state of vulnerability research? Etaoin Shrdlu (Feb 18)
- Re: What is the state of vulnerability research? security curmudgeon (Feb 21)
- Re: What is the state of vulnerability research? foofus (Feb 22)
- <Possible follow-ups>
- Re: What is the state of vulnerability research? Steven M. Christey (Feb 16)
- Re: Re: What is the state of vulnerability research? MindsX (Feb 18)
- Re: Re: What is the state of vulnerability research? jnf (Feb 21)
- Re: Re: What is the state of vulnerability research? security curmudgeon (Feb 21)
- Re: Re: What is the state of vulnerability research? MindsX (Feb 18)
- Re: What is the state of vulnerability research? Steven M. Christey (Feb 22)
- Re: What is the state of vulnerability research? MindsX (Feb 16)