On the end of vulnerability hunting

by Anton Chuvakin

Related link: http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1014528,00.html



Here is a funky piece that proclaims that "the days of vulnerability hunting in support of better security are over". Good guys supposedly should stop looking for new vulnerabilities in software and just let the bad guys handle that side of the house :-) Instead, they should focus on protection with no regard to known vulnerabilities.

Here are some smart people
poking fun at the article.


Not sure whether the author intended it this way, but to some extent the claim makes sense. Just assume every exposed piece of software you run has vulnerabilities known to somebody in the world! That makes the whole prevent/detect/respond business much more challenging and fun...