VulnWatch.org, today at the Black Hat computer security conference in Las Vegas, announced a new non-profit, independent security vulnerability disclosure mailing list to serve the vulnerability information needs of IT professionals, software and hardware vendors, and security researchers.
Public vulnerability disclosure is a very important and controversial cornerstone of the computer security landscape. Since computer security problems affect many different organizations and people, disclosure needs to be done responsibly and openly for the benefit of all computer users. Commercial interests can and do impact the availability of critical information, since this information can affect their bottom line in positive and negative ways. Unbiased and responsible vulnerability disclosure is best accomplished in a non-commercial, independent forum under the open scrutiny of the public eye.
VulnWatch was created to bring these high ideals to reality. Steve Manzuik created the concept and enlisted the support of Rain Forest Puppy of Wiretrip and Chris Wysopal (AKA Weld Pond) of @stake to serve as moderators for the list. Other moderators spread around the globe will be joining the team soon. Many other security industry notables have provided behind-the-scenes support to enable this project to become a reality.
Steve Manzuik said, “The security community is not just a cliche. It really is a community bound by common interests and goals. Lately the over-commercialization of vulnerability information has begun to detract from the community spirit that has enabled so many to publish their security research for the benefit of all. We hope that VulnWatch will energize others to contribute to the public security community and help make the Internet a safer place for us all.”
More information about VulnWatch can be found at the VulnWatch website at www.vulnwatch.org. To sign up for the mailing list, simply send mail to firstname.lastname@example.org.