Everybody's doing it ...

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Brett Lymn: "Intro"
• Previous message: Steve Kennedy: "Re: FAQ"

... which makes me kind of hesitate to do the Intro Thing too, but hey....

A long time ago I moderated the "security" list, aka misc.security, which
later perished due to negative free time.

Recently, I just left FTP Software, where I was resident security geek because
nobody else wanted to deal with it.  I dealt with a couple of intrusions while
there, but nothing major, possibly due to being as proactive as possible in
that framework.

On my current plate I have several improvements I'd like to make to various
free security products, like s/key and tcp_wrap, and get said changes back to
the authors.  It remains to be seen if I'll actually have the time.  I'm now
striking out on my own as a consultant, armed with several years' worth of
accumulated knowledge.

My school of thought is mostly full-disclosure, for the simple reason that to
truly understand down to the bare metal why a bug is a bug, you must also
understand how it would be exploited, and only THEN can you fix the code.
"Become root and apply patch 1004096-13" just doesn't do it for me...

_H*

• Next message: Brett Lymn: "Intro"
• Previous message: Steve Kennedy: "Re: FAQ"