In an official blog post, an employee in Verizon's Risk Intelligence unit has
taken aim at researchers who disclose security flaws, calling them "Narcissistic
vulnerability pimps" and comparing them to criminals.

"Have you ever heard of a terrorist referred to as a 'demolition engineer?'"
the unnamed author of the rant asked, one presumes rhetorically. "How about a
thief as a 'locksmith?' No? Well, that's because most fields don't share the
InfoSec industry's ridiculous yet long-standing inability to distinguish the
good guys from the bad guys."

The post goes on to propose that a person who discloses security flaws
henceforth be labeled a "narcissistic vulnerability pimp," which the writer
defines as "One who - solely for the purpose of self-glorification and
self-gratification - harms business and society by irresponsibly disclosing
information that makes things less secure."