Month: January 2013

  • Researcher Security Advisory Writing Guidelines

    [This was originally published on the OSVDB blog.] Researcher Security Advisory Writing Guidelines. Open Security Foundation / OSVDB.org, moderators at osvdb.org. This document has been prepared by the Open Security Foundation (OSF) to assist security researchers in working with vendors and creating advisories. Security advisories help convey important information to the community, regardless of your goals or…

  • Box of Shit: Space Rogue

    At some point around 2008 I put together a box with a bunch of random shit lying around. Nothing of value, all stuff you question why you even kept it in the first place basically. Off it went to an unsuspecting victim/friend. From there, the box-of-shit was born. Since then, I have sent out hundreds…

  • Rebuttal: Missing the Value of Bug Bounties

    [This was originally published on attrition.org. This is a rebuttal piece to Is There a Maturity Link Between Software Security Assurance, Bug Bounty Programs? (2010-12-16) by @wh1t3rabbit (Rafal Los).] So what you have to ask yourself as an organization is this: Is the money we’re offering as a bug bounty higher in worth than what the black-market is…