SecuriTeam

SecuriTeam is a free and independent computer security portal, covering both security news and the most recent threats, with a database dating back to 1998. SecuriTeam's main focus is software vulnerabilities.

SecuriTeam was founded by Aviram Jenik and Noam Rathaus and was the basis of what evolved into the security scanning vendor Beyond Security ^[1] but now runs as a completely community-run project. Its most notable effort is the web portal where they notify visitors of new security vulnerabilities, tools and exploits. Another community tool SecuriTeam provides is a blogs site where notable security names such as Roger Thompson, Rob Slade and David Harley write, although most of the contributions to the site are from newer names in the security field. One such contributor is Juha-Matti Laurio who writes about new Zero day attacks as they come out in FAQ form, to end users, and Matthew Murphy who writes technical commentary and policy commentary on the issue of full disclosure.

Daily cartoons

SecuriTeam publishes daily comic strips which relate to the latest news and gossip in the hacking scene (encompassing also spam, privacy and other related subjects).

These are published on the SecuriTeam blogs site, and on a site created just for the comic strips called SecuriToons.

Currently, SecuriTeam has three running cartoons, each published twice a week:

Memory Leak by the artist Brian Shearer - a comic strip dealing with issues related to current events in the security world by the means of jokes.
Insecurity by the artist Michael Rankin - a story yet to be understood.
Earl by the artist Dan Thompson - the happenings of Earl the hacker, his land-lord and his sexy neighbor.

Older cartoons SecuriTeam used to run, include:

Hacked by the artist Dale Braden - a comic strip with a new security related joke every slide.
Null Terminated by the artist Brian Shearer - a comic strip with assembly language and reverse engineering jokes.
Zoned-Out by the artist V Shane - Zoned-Out only lasted for one slide.

Debate: Publishing exploit code publicly

SecuriTeam is one of the few sites online which refer to themselves as whitehat, and serve exploit code to the public. Serving exploit code publicly is a very heated issue in security circles, as some believe this aids miscreants in creating new attacks such as worms.

Once such exploit code is available openly, it is much easier for virus authors to embed in malware and release it, infecting computers.

Others believe that the miscreants already have their sources for the exploit code, and that unless information such as this is provided to the community, it will be that much more difficult to defend against attackers, comparable to being blind while under attack. Further, finding the information defenders need the way blackhats do in unacceptable to most defenders, and would make it that much more difficult for them to stay on the "right side of the fence". According to advocates of this approach, the bad guys have their resources mainly because they hang in shady circles and perform unethical actions. Whitehats would be hard pressed both legally and ethically to act in this fashion.

This issue is often considered one of ethics. The SecuriTeam community believes that knowledge should be free and advocates the full disclosure of security information, such as vulnerabilities and exploits.

Statistics

SecuriTeam publishes statistics about its vulnerability database, with data on the number of articles published on the web site and those relating to certain keywords. This is intended to highlight trends on the disclosure of vulnerabilities in popular products and tools.

Notes

↑ "Company Overview." Beyond Security.

References

External links

SecuriTeam Homepage
SecuriTeam Blogs
SecuriToons SecuriTeam's comic strips site
bugtraq debate: publishing exploit code
SecuriTeam's mailing list archived