Meeting the Enemy

Abstract My idea is that talking to the computer security underground is a good thing for security practitioners to do. It has been problematic, though. The theory is that understanding vulnerabilities, the threats of exploiting them, the risks that these threats pose, and the appropriate countermeasures to use against them includes talking to the “enemy” (the computer security underground). After all, the enemy includes those who freely trade vulnerability information — often well before it becomes known to the legitimate security community. Despite the obvious appeal of this approach, the road to a forum for the exchange of information with the enemy has not been a smooth one. Therein lies a tale.