[attrition] rant: Vulnerability Research Labs - Most Worthless Advisories Award, 2012
lyger
lyger at attrition.org
Wed May 23 13:51:45 CDT 2012
http://attrition.org/security/rants/vulnerability-lab/
Wed May 23 01:24:30 CDT 2012
By Jericho
Vulnerability research advisories come in all shapes and styles. Some
companies release brief summaries with no technical details as part of
their responsible disclosure policy. Some security researchers will
release incredibly detailed reports full of technical details and all of
the information one could need regarding the issue. In at least one case,
we find the weirdest combination of lengthy advisories that offer up the
least amount of information possible.
The following advisory from Vulnerability Research Labs
(vulnerability-lab.com) is not necessarily the worst, but it is indicative
of their advisories. The most troubling part is that the group obviously
spends a lot of time writing them, but it doesn't appear they spend much
time actually researching or reading their own advisories. Oh, and they
also don't understand how text advisories and HTML works.
[...]
More information about the attrition
mailing list