Tag: Ethics

  • Your yearly reminder to post to Full-Disclosure, not Bugtraq

    [This was originally published on the OSVDB blog.] [10/29/2020 Update: As of February 24, SecurityFocus has stopped moderating posts to the Bugtraq mail list without explanation or warning. This is apparently related to Broadcom acquiring Symantec, the owner of SecurityFocus.] This has been a long-recognized and proven thing, but every year we run into more…

  • The Scraping Problem and Ethics

    [This was originally published on the OSVDB blog.] [2014-05-09 Update: We’d like to thank both McAfee and S21sec for promptly reaching out to work with us and to inform us that they are both investigating the incident, and taking steps to ensure that future access and data use complies with our license.] Every day we…

  • Why You Should Not Get a CISSP

    At DEFCON 20, Timmay gave a presentation on the supposed merit of the CISSP certification. It included several reasons why he felt the certification was based more on ISC(2) market hype than on actual value. He asked Jericho to contribute and present a handful of slides (pages 37 – 43) regarding the ISC(2) Code of…

  • My Canons on (ISC)² Ethics – Such as They Are

    [This was originally published on Infosec Island, and then attrition.org.] The International Information Systems Security Certification Consortium, Inc., (ISC)², bills themselves as “the global, not-for-profit leader in educating and certifying information security professionals throughout their careers.” They are probably most well-known for their CISSP® – Certified Information Systems Security Professional. With 5 years of experience, practice in two…