From lyger at attrition.org Wed May 23 13:51:45 2012
From: lyger at attrition.org (lyger)
Date: Wed, 23 May 2012 13:51:45 -0500 (CDT)
Subject: [attrition] rant: Vulnerability Research Labs - Most Worthless Advisories Award, 2012
Message-ID:

http://attrition.org/security/rants/vulnerability-lab/

Wed May 23 01:24:30 CDT 2012
By Jericho

Vulnerability research advisories come in all shapes and styles. Some companies release brief summaries with no technical details as part of their responsible disclosure policy. Some security researchers will release incredibly detailed reports full of technical details and all of the information one could need regarding the issue. In at least one case, we find the weirdest combination of lengthy advisories that offer up the least amount of information possible.

The following advisory from Vulnerability Research Labs (vulnerability-lab.com) is not necessarily the worst, but it is indicative of their advisories. The most troubling part is that the group obviously spends a lot of time writing them, but it doesn't appear they spend much time actually researching or reading their own advisories. Oh, and they also don't understand how text advisories and HTML work.

[...]