I’m a professional UK software developer with over 35 years of programming experience. Over 25 of these have centered around the internet and web based technologies. This award winning blog is about all things #InfoSec, #AppSec and #CyberSecurity related (because I sometimes like to go into a little more detail than a character-limited Tweet will allow! – but don’t let that stop you from following me on Twitter also: @isecguy).
I’m a firm believer in “responsible disclosure”. I have privately disclosed a number of significant internet and software vulnerabilities/flaws to their respective vendors over the past several years. Some of which I’ve blogged about, and more of which I’ll be blogging about in the future, once the relevant parties have had adequate time to address their vulnerabilities/flaws.
You may have noticed that I don’t publish my name here on my blog. Why the anonymity? Well, sadly, from experience many organizations are not all that appreciative of being approached with private & responsible disclosures of potential security vulnerabilities in their products/websites. Many often fail to understand and distinguish the differences between ethical security researchers such as myself trying to help them out, and “malicious hackers”.
Some of the vulnerabilities I uncover and responsibly disclose directly affect products/services of which I myself am also a customer. I don’t want vendors getting funny with me and start suspending/terminating my accounts & services with them for raising valid and legitimate security concerns. Don’t get me wrong – many organizations and vendors ARE extremely grateful for having potential security issues and flaws brought to their attention. However, I’ve chosen to remain anonymous because of the handful who aren’t.
I hope this blog will serve to educate and inform everyone; whether you’re just an every day basic internet user, webmaster, software developer, or IT/security professional… why? Because the bottom line is, I strive for a safer and securer internet for all!
I’d love to hear from you, so why not connect with me on Twitter (@isecguy)