Bugtraq
Bugtraq is an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.
Bugtraq was created on November 5, 1993 by Scott Chasin in response to the perceived failings of the existing Internet security infrastructure of the time, particularly CERT. Bugtraq's policy was to publish vulnerabilities, regardless of vendor response, as part of the full disclosure movement of vulnerability disclosure.
Elias Levy, also known as Aleph One (alluding to the cardinal number aleph one), noted in an interview that "the environment at that time was such that vendors weren't making any patches. So the focus was on how to fix software that companies weren't fixing."
The mailing list was unmoderated originally, but the signal-to-noise ratio eventually became unacceptably bad. Moderation began on June 5, 1995. Elias Levy moderated the list from June 14, 1996 until he stepped down on October 15, 2001. David Mirza Ahmad, one of the many co-authors of Hack Proofing Your Network, Second Edition, took over from Levy and continued until he stepped down on February 23, 2006. David McKinney, a DeepSight threat analyst at Symantec, took over from Ahmad and is the current moderator.
Bugtraq was originally hosted at Crimelab.com. It was moved to the Brown University NetSpace Project — which has since been reorganized as the NetSpace Foundation — on June 5, 1995, the same day that its moderation began. In July 1999 it became the property of SecurityFocus and was moved there. SecurityFocus was acquired in full by Symantec on August 6, 2002.
External links
- SecurityFocus - Mailing Lists (Bugtraq is the first mailing list under the Most Popular heading)
- BUGTRAQ - VULNERABLE SITES TRACKER (First Professional Vulnerable Sites Tracker)
- Salon - Technology & Business - How do you fix a leaky Net? (includes mention of Bugtraq)
- Spirit - Network Defense - Full Disclosure, or Tales to embarrass Vendors ~ The Good Old Days (archive copy) (a history of the CERT Advisory CA-93:15 fiasco)