@bert_hubert Very good point. We can focus the point “To be good with security requires actually doing security” all the recent incidents with many magical security vendors selling VPN boxes. If you don’t know what’s inside the box and actually doing security around, you are left alone to listen to false promises from those vendors.
@tfiebig Doing security is clearly the people reading logs, fixing stuff, improving automation, dealing with false positives, searching for true positives and doing incident response. The most successful security teams are the ones dealing with the boring stuff to make those interesting. @bert_hubert
@spiegelmama with them, everything is possible. From running away to having hosted the wrong stuff and being seized. Let’s see what the future will tell us.
@amuse Some vendors who don’t take seriously vulnerability disclosure. Some security researchers reselling the vulnerability while doing disclosure via a CERT to claim they are ethicals. Too many vulnerability disclosure platforms having two (or more) business plans (reselling CVD to customers while selling exploits). So we are still far away for clean and smooth vulnerability disclosure process. @circl
@nixCraft Can we say that a software project is finished? I think it’s either maintained or archived. IMHO, There is no such thing as a finished software project.
Always intriguing to witness conspiracy theorists diving into our open-source projects, weaving together connections that are more creative fiction than reality.
Well, it seems like sitting in a cafe and writing on Saturday mornings has become a new habit for me. I enjoy it a lot. @adulau challenged me to publish one blogpost per week, let's see how it goes 😉
Today's post is about #publication, #research, and everyone's #potential to create and make a difference in our information age.