Secure Coding mailing list archives

Re: informIT: Building versus Breaking


From: iarce <iarce () corest com>
Date: Fri, 2 Sep 2011 13:05:37 -0300

On 9/1/11 2:29 AM, Stephen Craig Evans wrote:
> Sergio,
>
> "Blackhat IS about breaking stuff, the vendors area offers defense
> products and services to improve your security. For building stuff (as
> in development) there are other conferences out there. People go to
> Blackhat to be aware of what things might go wrong in order to protect
> better themselves."
>
> I really take offense to your comment.
>
> I am seeing malware out in the field that is based on work by
> so-called noble "security researchers".
>
> My litmus test is: If there were no whitehats and security
> researchers, would we be better off at fighting the bad guys?
>
> My answer is emphatically "yes".


That is the kind of reply and opinion that very rapidly leads these
debates to very divisive arguments.

First you are taking offense, then you are pejoratively dismissing other
people's work (by generically putting the quality or motivation of their
work in question) and finally saying that you'd be better off if a whole
community of people did not exist. Replace "security researchers" with
any other collective and your statement would read very very nasty.


> What I hate is that "security researchers" and the "white hats" try to
> present themselves as noble and as the good guys. It's f*cking
> bullsh*t and a total scam. Ten years later for me and the state of
> infosec is much worse.


Hmm, I wonder if I should take offense at that statement? You question
the motivations and honesty of an entire group of people and imply
they're responsible for an alleged degradation in the state of infosec.


> There is also a nasty faction of infosec that will never want to solve
> problems which will put themselves out of work. Yep, I am throwing
> down that gauntlet FWIW.


Stephen, it is way past the time - it was 10 years ago too - for people in
the infosec community that claim to have an interest in improving the
state of infosec to move away from confrontational stances and bigotry
and to engage with the offensive security community in a constructive
manner, putting prejudices aside and without invoking a moral high
ground that they've not been given by divine intervention.

Personally, I would be glad to put you out of work. Unfortunately I
can't do it alone.


sincerely,
-ivan

-- 
Ivan Arce
CTO - Core Security Technologies
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

