| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Nov 2003 09:37:46 -0800 From: Jeremy Epstein <jeremy.epstein@...methods.com> To: bugtraq@...urityfocus.com, ntbugtraq@...ugtraq.com Subject: RE: Security researchers organization I like the idea of this, but am concerned by the terminology. <flame-bait> What's being proposed is an organization of *vulnerability* researchers. There are MANY other kinds of security researchers, including those who design new forms of access controls, security models, intrusion detection systems, security tools, etc. Security researchers publish results in peer-reviewed conferences and journals, and their goal is to improve understanding of security and provide mechanisms and tools. Vulnerability researchers are focused on finding vulnerabilities in existing software, which is a valuable contribution. While there's substantial overlap in end goals, they (mostly) don't design security systems. And they very rarely publish results in peer-refereed conferences and journals. So in defining this organization, let's not call it something it isn't. One isn't better or worse than the other, but they're not the same thing. </flame-bait> --Jeremy
Powered by blists - more mailing lists