lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 19 Nov 2003 09:37:46 -0800
From: Jeremy Epstein <>
Subject: RE: Security researchers organization

I like the idea of this, but am concerned by the terminology.

What's being proposed is an organization of *vulnerability* researchers.
There are MANY other kinds of security researchers, including those who
design new forms of access controls, security models, intrusion detection
systems, security tools, etc.  Security researchers publish results in
peer-reviewed conferences and journals, and their goal is to improve
understanding of security and provide mechanisms and tools.

Vulnerability researchers are focused on finding vulnerabilities in existing
software, which is a valuable contribution.  While there's substantial
overlap in end goals, they (mostly) don't design security systems.  And they
very rarely publish results in peer-refereed conferences and journals.

So in defining this organization, let's not call it something it isn't.  One
isn't better or worse than the other, but they're not the same thing.


Powered by blists - more mailing lists