Security site to bookmark: securityerrata.org

Controversial but worth-reading

In the past, guilds regulated and controlled the practice of a craft. Securityerrata.org, an initiative from the attrition.org volunteer crew, aims to protect the information security profession from intruders.

In an almost irreverent way, they publish news that is charged with irony (for example, a security company that promises 100% security with its products and that, interestingly enough, is successfully attacked and compromised) and references to security snake oil sellers.

All this controversial content is organized into twelve sections that reveal:

- Companies that sell products containing malware before they even reach customers.

- Legal threats to security researchers who have found a security vulnerability.

- Failures in automated software update processes.

- Charlatans, be it individuals or companies, who introduce themselves as security gurus. The subsection dealing with companies can be controversial.

- Plagiarism: A long list of authors and books that turn out to be copies of previous publications.

- Firms offering security services or products that have been attacked and compromised themselves.

- Security companies that send unsolicited e-mail ("spam") to prospective customers.

- Security incidents involving Internet-related companies, such as the case of Stratfor, a company that suffered loss of confidential information in 2011.

- Invented or manipulated security statistics.

- Examples of how media confuse their audience with not confirmed security news. This section stopped being updated a long time ago. The authors could not keep with the rhythm of appearance of such pieces of news.

- Vulnerabilities and data leakage items from initiatives like osvdb.org, the Open Source Vulnerability Database, and datalossdb.org, a site that I already recommended in this blog.

Definitely securityerrata.org shows the great influence of mass media and acts as a whistle blower against charlatans. It is an Internet-based antidote to identify attempted fraud in information security. Therefore, before buying a product or a security book, have a look at their pages.

Happy errata reading!

You can also read this post in Spanish here.

Dark night