Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

What is the state of vulnerability research?

from [Steven M. Christey] Network Security [Permanent Link]
Subject: What is the state of vulnerability research?
Date: Thu, 16 Feb 2006 01:56:53 -0500 (EST) 

This is a series of open questions to people who consider themselves
to be vulnerability researchers.  Hopefully this will open a number of
fruitful public discussions.

1) What is the state of vulnerability research?

2) What have researchers accomplished so far?

3) What are the greatest challenges that researchers face?

4) What, if anything, could researchers accomplish collectively that
   they have not been able to accomplish as individuals?

5) Should the ultimate goal of research be to improve computer
   security overall?

6) What is an "elite" researcher?  Who are the elite researchers?

7) Who are the researchers who do not get as much recognition as they
   deserve?


Why am I asking?

Because I don't think this topic has been covered quite in this
fashion, and it's about time it did.

Feel free to respond to me privately.  If I receive more than a couple
responses, I will post a summary.

Thanks to James Bercegay, KF, Luigi Auriemma, Matthew Murphy, and Kurt
Seifried for beta-testing the first 5 questions by providing a variety
of responses :)

- Steve


P.S.  If you're further interested in letting your voice be heard,
check out Richard Forno's disclosure survey at
http://www.infowarrior.org/survey.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • What is the state of vulnerability research?, Steven M. Christey <=
Previous by Date:  Re: MyBB 1.03 Multible xss and sql injections, security
Next by Date:  Re: Vulnerabilites in new laws on computer hacking, Radoslav DejanoviÄ
Previous by Thread:  [Full-disclosure] Critical SQL Injection PHPNuke <= 7.8 - Your_Account module, SecurityReason - sp3x
Next by Thread:  [Full-disclosure] [USN-251-1] libtasn vulnerability, Martin Pitt
Indexes:  [Date] [Thread] [Top] [All Lists]