Back in 2009 I wrote a blog post about vulnerability disclosure. It's interesting reading the post four years later, looking at things that have happened at places I've worked, vulnerabilities I've reported personally or watched others submit.
The security industry seems to be broadly polarised by the Attorney-General's recent announcement of the formation of CREST Australia (Council of Registered Ethical Security Testers). For those who have not kept pace with this piece of news, CREST Australia has been chartered by the AG's office to certify the competency of penetration testers within Australia. Now, I've spoken with quite a few people and I am quite surprised at the variety of responses—particularly from people I would have expected to endorse it.
"If a nation values anything more than freedom, it will lose its freedom: and the irony of it is that if it is comfort or money that it values more, it will lose that, too." -- William Somerset Maugham
"Independent Security Consultant
Jarrod Loidl is an independent information security consultant with over seven years industry experience. He has worked in a number of different verticals such as education, gaming, advertising, financial services, professional services, not-for-profit and healthcare. His specialities are security management, risk and architecture and penetration testing. Though most of his experience lies in management end of security, he's trying to get back to his roots and stay in the technical game. He is an active member of the Australia Information Security Association (AISA) and ISACA and has presented at both the local Melbourne AISA and OWASP chapters.
He is an avid, life long learner. His qualifications include a Bachelors degree in Computing, CISSP, CRISC, CISM, SABSA Certified Architect (SCF), Certified Penetration Tester (CPT) and very slowly chipping away at obtaining a Masters in Business Administration."