I’m a professional UK software developer with over 30 years of programming experience (over 20 of which have centered around the internet and web based technologies). This award winning blog is about all things #InfoSec, #AppSec and #CyberSecurity related (because I sometimes like to go into a little more detail than a 140-character Tweet will allow! – but don’t let that stop you from following me on Twitter also: @isecguy).
I’m a firm believer in “responsible disclosure”, and have privately disclosed a number of significant internet and software vulnerabilities/flaws to their respective vendors over the past few years (some of which I’ve blogged about, and more of which I’ll be blogging more about in the near future, once the relevant parties have had adequate time to address their vulnerabilities/flaws)
You may have noticed that I don’t publish my name here on my blog. Why the anonymity? Well, sadly, from experience many organizations are not all that appreciative of being approached with private & responsible disclosures of potential security vulnerabilities in their products/websites, and fail to understand and distinguish the differences between ethical security researchers such as myself and “malicious hackers”.
As some of the vulnerabilities I uncover and responsibly disclose directly affect products/services of which I myself am also a customer, I don’t want vendors getting funny with me and start suspending/terminating my accounts & services for raising legitimate security concerns with them. Don’t get me wrong – many organizations and vendors ARE extremely grateful for having security issues brought to their attention, but I’ve chosen to remain anonymous because of the handful who aren’t.
I hope this blog will serve to educate and inform everyone; whether you’re just an every day basic internet user, webmaster, software developer, or IT/security professional… why? Because the bottom line is, I strive for a safer and securer internet for all!
I’d love to hear from you, so why not connect with me on Twitter (@isecguy)