Most of you know that I’m pretty outspoken about my thoughts and opinions, and this is just one that I have to get off my chest, so to speak. It does involve independent security researchers; I do put myself in that category too, which makes it that much harder to speak my opinion, but I’ll do it anyway.
When I visit other security researchers’ websites, what do I normally find? Well, to tell you the truth, worthless information which consists of vulnerabilities that are just copied and pasted from a popular reporting site, and useless and confusing content that a normal computer user would be confused about and not understand at all in the first place.
I guess you could raise the argument that the visitors to their website are experienced and in the security industry, but they probably already receive these vulnerability notices anyway, because they should be subscribed to these services — so why do they just re-hash the information thinking that it’s newsworthy to their visitors?
As an independent security researcher, I don’t publish a lot of my findings, and that’s because my findings are strictly for my clients, and sometimes iDefense and TippingPoint, who I sell vulnerabilities to sometimes. As a security researcher, especially an independent one at that, it’s my own research that is my asset. That’s the information that companies pay for and I’m not going to be blogging about it. And if the majority of my visitors are security industry people, why am I reposting information that has already been sent out in all the popular posting sites which anyone in the security industry would already subscribe to in the first place? Just makes no sense to me personally and I keep seeing it over and over, so I figured it was high time I said something. Maybe one of those researchers can post a comment and enlighten me a little on why they do it.
Until next time folks, see you on the flip-side.






