B-C-METOYX

FUD Watch: The Marketing Of Security Vulnerabilities

Blog Post created by B-C-METOYX Employee on Jun 15, 2015

An excerpt from my latest Dark Reading post:

I'm all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction.

If I’ve learned anything about vulnerability management as part of a large security operation, it’s that these things are serious business. Vulnerabilities are a threat to companies using the affected technology and – more importantly – a threat to their customers. Customers’ personal data is at stake. Trust in the affected company is on the line. We need to figure out where our systems are affected, if at all, and move fast but carefully to keep users secure.

That means investigating disclosures in a calm, cool manner. But in this age of so-called “designer vulnerabilities” – in which catchy logos and other content are used as part of the disclosure process – it’s getting more difficult to maintain one’s perspective.

Read the rest here.
