HomeTech PlusTECH & OTHER NEWSIconic BugTraq security mailing list shuts down after 27 years

Iconic BugTraq security mailing list shuts down after 27 years

bugtraq.png
Image: ZDNet

BugTraq, one of the cybersecurity industry’s first mailing lists dedicated to publicly disclosing security flaws, announced today it was shutting down at the end of the month, on January 31, 2021.

The site played a crucial role in shaping the cybersecurity industry in its early, fledgling days.

Established by Scott Chasin on November 5, 1993, BugTraq provided the first centralized portal where security researchers could expose vulnerabilities after vendors refused to release patches.

The portal existed for many years in a legal gray zone. Discussions on the site about the legality of “disclosing” security flaws when vendors refused to patch are what shaped most of today’s vulnerability disclosure guidelines, the axioms on which most bug hunters operate today.

Today, it sounds reasonable for a security researcher to release details about a patched or unpatched bug, but back then, such details were often controversial, sometimes resulting in many legal threats.

But as time went by, BugTraq’s popularity and principles won the day. The portal became the first place where many major vulnerabilities were announced in an era where researchers couldn’t easily host personal sites and blogs.

Similar bug disclosure lists were released following BugTraq’s original model, and many security firms founded across the years often ended up scraping the site’s content as a base for their own vulnerability databases.

BugTraq’s demise

BugTraq itself also exchanged hands several times, from Chasin to Brown University, then to SecurityFocus, which was acquired by Symantec.

The portal’s demise started in 2019 when Broadcom acquired Symantec. Three months later, in February 2020, the site stopped adding new content, remaining mostly an empty shell.

Today, the site’s last maintainers confirmed the portal’s current state of affairs and formalized BugTraq’s passing into infosec lore.

“At this time, resources for the BugTraq mailing list have not been prioritized, and this will be the last message to the list,” the message read.

Although many saw it coming, the site’s announcement triggered a wave of nostalgia from today’s cybersecurity veterans, many of which either started or were active on the mailing list since its launch.

“I’d liken it impact to the impact Twitter currently has on the way we communicate today,” said Ryan Naraine, former director of security strategy at Intel, and one of the cybersecurity industry’s veterans.

“Except that it was mandatory to be on there [on BugTraq] to get advisories and live commentary from what wasn’t yet a fully formed security industry.

“So many big stories were originally announced in BugTraq and FullDisclosure [another similar mailing list],” Naraine added.

“It’s the place the Litchfields made their name in the early days. I remember David Litchfield consistently dropping Oracle hacking tools and research.

“It was the watercooler that connected what was emerging as a security industry.”

By ZDNet Source Link

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS