- Have been following this thread at Risky.Biz about “VulnDisco bug list made public”. I think through flagg’s comments, our position on it has been made. Yes, we are their local representatives as we are with Immunity and D2. Not that any of this is news as Securus Global has been for a while (see link). Personally, I don’t think this story is news here, as Flagg mentioned, for some in the industry, but it does make for good awareness for a majority of the industry who may be oblivious to markets outside of “mainstream” security products. Interesting reading some of the comments though in terms of thoughts on effectiveness, impact and more so about people’s thoughts on difficulty (or lack thereof) in reproducing exploits based upon a knowledge now of the vulnerabilities.
- With Cloud Security being such a popular topic of discussion now, good unbiased sources of news and information about Cloud Security can be hard to find. (Vendor waffle vs. reality for example). My favourite site is Craig Balding’s cloudsecurity.org. If you want information that is honest, informative and asks serious questions about the topic, bookmark this one! Craig has also recently kicked off the Cloud Security podcast here with Chris Hoff of Rational Survivability. Highly recommended.
- Craig has also recently kicked off fudsec.com, a site dedicated to looking at the FUD in our industry.
Another blog that I have added to my bookmarks in recent times is the Security Ninja Blog. Worth a good look!
- In a few recent posts here, I’ve looked at things on the perimeter of our industry so to speak. I think topics like this are just as important to address as those directly relating to security issues and problems within organisations. The relationship to me is clear in terms of how these issues/topics are causes of greater flow-on problems down the track, whether directly for organisations, or indirectly through partnerships and other vendor engagements. We can’t bury our heads in the sand and just accept that this is how things are, and things are not going to change. They can and they do start with the individual. And, there are some great individuals in our industry who are making a difference and influencing change. As I mentioned a few posts ago, if you want to meet some amazing people doing some amazing things, few better places to start right now than Twitter. If you’re not sure where to start, check out this site and work from there: http://security-twits.com/.
- Thanks all for the feedback and responses to recent posts. Don’t forget to support the local bloggers if you are an Australian by checking out The Australian IT Security Blog Directory.
**** Got something you want to get off your chest? Beast or Buddha is inviting submissions for posts here. Please contact us if you want to post an article, paper or just a rant on something you believe will be of interest to the community. ****

Thanks for the link love, Drazen. Looking forward to your guest post on fudsec.
Craig, I’ll be on as soon as I can get some inspiration to do it justice.