Vicarius announced at the Black Hat USA 2022 conference the release of vsociety, a social community for security professionals that aims to enable peer-to-peer networking and open-source collaboration on vulnerability research.
In the short time since its inception, the vsociety community has proven itself as a valuable research hub, with multiple pieces of original research published exclusively to the cybersecurity social network. Among them, a new proof-of-concept exploit targeting Google SLO-Generator, posted by anonymous user ‘M’, details the path to exploitation along with the steps to remediate and patch.
“Knowledge sharing is critical to ensure growth of the Infosec community, and with vsociety’s community model and intuitive design, it is the best place to publish original research,” said ‘M’, researcher.
While the concept of vendor user communities is hardly novel, Vicarius stresses the need for an open-source platform not directly influenced by a particular solution or user group, truly democratizing information awareness around security research as a whole.
The platform encourages original security research and conversation around topics of interest, allowing users to benefit from novel vulnerability publication and establish relationships with their peers.
By creating a free account, users can create content and engage in discussions around top-of-mind topics in security, as well as offer solutions, insights, and analysis on user generated content.
Further, the vsociety feed is regularly updated with the latest Critical Vulnerabilities and Exposures (CVEs) in real-time, allowing users to post simplified, human-readable explanations of newly identified vulnerabilities for the community to consume – as well as remediation scripts to thwart them.
“The launch of vsociety continues our commitment to giving back to the security community and opening up critical information for security practitioners around the world,” said Michael Assraf, CEO and co-founder of Vicarius. “A lot of the online communities today are adequately equipped to host conversations—and they do it very well—but they haven’t been designed specifically to gather actionable intelligence.”
It is worth noting that malicious actors and those intent on launching broad cyber attacks have long utilized the power of organizing to carry out their campaigns. Assraf believes it is time to adopt similar strategies in order to make the security response more robust.
“Bad actors and the ethically-challenged have long collaborated with one another on various corners of the web, and we think the security community is overdue for a space of their own,” said Assraf.
“We created vsociety to strengthen the bonds between DevSecOps, sysadmins, security engineers, and researchers, encouraging participation from every subsector. We hope this leads to more discoveries and strategies to push our industry forward. Ultimately, we’re strongest when we share information and work together to make our digital world a safer place.”, Assraf continued.
vsociety was born from countless conversations with security researchers who expressed a need for a vendor-free community space where they could work together to solve problems. The founders stress that the community is independent of vendor influence and moderated by the community members themselves. Content and discussions remain impartial and users can share user-generated remediation scripts for the benefit of the broader community.
“A good community— if it does its job well—can connect practitioners across disciplines and across borders while offering practical, real-world solutions. Remediation scripts are available and can be leveraged by the community as a whole no matter what tool is used. It’s essential for everyone – from individuals to companies to government agencies – to do their part to improve cybersecurity. Whether investing in better security practices, lending insights to peers, or being more careful about what information you share, we each have our roles. Our role is in building a community security researchers may turn to for education, collaboration, and connection,” said Assraf.