An Information Security Place

I just discovered the Security Curve Weblog. Looks likes some good commentary. The most recent post is about McAfee and their announcement of getting back into vulnerability discovery. I liked the thoughts that were given, and the writing style is good.

And since I just posted a question about using my comments on other blogs for my own blog postings, I am going to go ahead and post my comments from the above post:

This issue has been looked at from some time now, with the conspiracy
theorists saying McAfee and Symantec hire hackers to create viruses to gen business. I never believed those allegations, but this is in the same
vein. However, now it is explicit, so it brings it out even more into the
public eye.

The concepts of ethical hacking and hiring greyhats to
find vulnerabilites have always been lightning rods for security pros.
Will a hacker always be ethical? Who’s to say a greyhat won’t sell McAfee a vulnerability then turn around and sell it to someone else for malicious purposes?

I also find it somewhat interesting that people tend to explicitly trust the motivations of those who find vulnerabilites on their own and report them to the proper organizations. But that is another conversation.

Vet

I often find that my best blogging is done as comments to other blogs. Is it wrong to take your own comments from other blogs and post them on your blog? They are my words, and I get most of my inspiration from other people’s writings (yes, I do have original thoughts – sometimes I just need grease to lube the gears).

I don’t think there is anything wrong with it, but I don’t want to cross any blogging lines that I am not aware of.

Vet