You know you're an important when someone announces a "Month of Bugs" project for you. July will be the Month of Twitter Bugs, brought to my attention in this story by Robert Westervelt. The current project is led by a participant in the Month of Browser Bugs from three years ago named Avi Raff. I don't see projects like that as being irresponsible. What would be more irresponsible is selling the vulnerabilities to the underground. Would the critics prefer that? In many cases, "Month of" projects are the result of running into resistance from developers or managers are not taking vulnerabilities seriously. In many cases the vulnerabilities are already being exploited. Sure, packaging all of the vulnerabilities into a "Month of" project gains attention, but isn't that the point?
Richard Bejtlich is teaching new classes in Las Vegas in 2009. Regular Las Vegas registration ends 1 July.
Tidak ada komentar:
Posting Komentar