Personal tools
You are here: Home BUGTRAQ is dead
Navigation
Who is Tracy Reed?

I am a Linux enthusiast, a multi-engine instrument-rated pilot, and a traveller. I am interested in all aspects of computing and technology in general, especially Linux and Free Software. As an avid pilot I can be found somewhere over the skies of the southwestern US most weekends.  As a traveller I have been to many interesting places. Check out my photo gallery. Want to get me something cool? Check out my Amazon.com wish list!

 Tracy

 

BUGTRAQ is dead

by Tracy R Reed — last modified Jan 02, 2009 12:48 AM

The BUGTRAQ mailing list ain't what it used to be.

I sent the following to the bugtraq mailing list. The moderator of the list replied with basically a shrug of the shoulders and bounced my post back to me.

------------------

Subject: The utility of bugtraq
From: Tracy R Reed <treed@ultraviolet.org>
Date: Mon, 26 Jun 2006 14:35:38 -0700
To: bugtraq@securityfocus.com

I have been a subscriber to bugtraq for over 10 years. I made the
acquaintance of Aleph1 and I think maybe he turned me onto the list, I
don't recall. When I first subscribed I read every email that came
across the list because it was probably something that applied to one of
the UNIX's I administered and could affect me. Many emails contained
actual exploit code which was very interesting in understanding what was
really going on.

But the list has changed a lot since then. Now it seems like every
platform is fair game for the list even though no one person cares about
more than a very small percentage of those platforms. We have tons of
XSS exploits being posted for webapps that nobody has heard of. We even
have XSS exploits being posted which are unique to individual websites.
What is the point of posting those? What are the rest of us going to
learn from a site-specific XSS exploit for blacksingles.com that we
didn't learn from the previous thousand XSS exploits and why should we
read over a thousand emails a month about such things?

I don't know if the change in the population of the Internet in general
is responsible for the change in utility of the bugtraq list or if it is
due to the new ownership of the list but it went from being an
indispensable tool for the system administrator to being a massive
source of useless noise. I guess it's time for this old UNIX fogey (and
I'm just 31!) to move on.

Document Actions

BUGTRAQ is dead

Posted by Sam at Jan 02, 2009 12:32 AM

Here here. BUGTRAQ is a useless list now. Even FullDiscolsure is going that way too. I'm all for the principal, but in the reality of adminsitering systems daily I would love a "practical exploits which I actually care about for the systems I administer" mailing list. There's an idea for anyone with the inclination, time, and ability to knock something up to publish customised RSS feeds - which isn't me ;)

Nice comment on oreilly.net too! (which is how I found your site).