Hi Odabo,
Albeit you've made a fair point, please keep in mind that there is
plenty of forums, interest groups, mailing lists, etc., in which
professionals that DO make a living out of this gather to exchange
and/or share information.
In what it respects to me, two main reasons keep me from participating more.
The first one, incredibly, is the least restrictive: NDAs with
customers. I never disclose or discuss anything related to my customer,
but I do discuss security and vulnerabilities, for as long as those can
not be traced back to them. In practice I've never been in conflict with
NDA terms.
The second one is lack of time. I simply don't have the time to post
here and in other places as much as I would like, but this is also
because I've life outside the office.
However, I still put some humble effort into OISSG, that gathers many
field experts together, and as proof of their effort and dedication you
can see how our document ISSAF is evolving. No matter how
complete/complex it'll become, it'll stay as a free download. We have
jobs, but we also have this as our hobby and our way to give back to the
community, who give us a lot in the first place.
If at any time whatever I'm involved in a not-job-related way becomes an
exclusively commercial adventura, I'll definitely switch to another free
environment.
You only need to read the mailing lists here at SecurityFocus. Do you
think the people who sometimes answers with JEWELS of wisdom are paid
for that? ;-)
Cheers,
Miguel Dilaj
Vice-President of IT Security Research, OISSG
www.oissg.org
buriedanonymous@yahoo.com wrote:
I seem not to understand what is happening to the security community..The
profit and earning a living of the expert in the field is going to lead to the
death of the security community.Now full disclosure movement is getting to be
commercial disclosure, whereby each security community wants to expliot you to
pay them to even get the latest vulnerability report and expliot,even when you
need it to penetrate your server before the bad guy does.Which doesnt aid the
people of the basics but even helps the scriptkiddie community(the greatest
fear we face)I hope attention is given to these...and d fathers of d security
comm' should have a re think, cos the continuity of the pursue of profit would
bring the security of the internet wide as an open gate.
odabo
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
