Got a kick out of this Verizon Business Risk Intelligence post:
“Problem-makers and Solution-makers should no more have the same label as terrorists and engineers. Sure, they both interact with explosives in their daily business but they put their skills to vastly different uses. Is there a reason we must continue to label people by the elements of their trade rather than the merit of their deeds?
We think not. We at Verizon Risk Intelligence do hereby adopt and resolve to faithfully use the following definitions:
- Security Researcher: One who studies how to secure things and/or how things are not secure in order to find a solution.
- Security Practitioner: One who applies the findings of the Security Researcher in order to make things more secure.
- Narcissistic Vulnerability Pimp: One who – solely for the purpose of self-glorification and self-gratification – harms business and society by irresponsibly disclosing information that makes things less secure (or increases risk).
- Criminal: One who actively subverts security without authorization or deliberately creates ways for others to do so.”
Securing Our eCity Contributing Writer
PS: Great link within the quotes to Bruce Schneier’s essay on full disclosure of vulnerabilities.