At this time of the year my eyes usually glance westward to see what’s being revealed at the Black Hat and Defcon conferences in Las Vegas. Over the years these back-to-back events have served as a showpiece for announcements of hot findings from the esoteric community of code buffs who study security vulnerabilities.
So what happened this year? Not a lot, according to reports from seasoned attendees. What’s going on? After all, it should have been a bumper year for exploits, given the continuing growth in the security research field. Brian Krebs’ report in the online Washington Post hits the nail on the head. Could it actually be that the research community is becoming more responsible, mindful of the serious consequences of disclosing a gaping hole in a protocol or platform? Or is it because security researchers are now more inclined to sell their vulnerabilities privately to the highest bidder?