It seems that since vendors started bringing out bug bounties, for all the right reasons I might add, a new breed of “security researcher” has appeared. This new type of researcher is single minded in his/her task and has a simple, no effort, no thought way of achieiving it “fuzzing!”
Dont get me wrong, fuzzing is a legitiamte and good technique, but dont hide behind a wall of fuzz and consider yourself a security researcher, have an original idea, something that would benefit the community/country/world order, and put your efforts into that instead of lining your pockets with vendor dollars!
Right now, we have an entireley new breed of researcher, focussed on notoriety, fame & profit, and that is not the right thing for the industry. What we need are innovators, original thinkers, thought leaders (real ones not self proclaimed hacks that peddle vapourware to the masses, I work with lots of these fools).
You will notice a distinct lack of personal research from myself, and probably decide as a result I have no business writing this post, however, That is largley due to the fact all of my “original thought” is applied directly to my business and through that to my clients and therefore the actual, realised benefit of improving the world in some small way, so rather than hunting for kudos in the ether or “peer respect” from people I have never met, I prefer to come up with an idea that benefits people, opperationalise that idea, apply it to my clients, and make a profit along the way.
//RANT OVER//