SecuriTeam is a free and independent security portal, covering both security news and the most recent threats, with a database dating back to 1998. SecuriTeam's main focus is software vulnerabilities.

SecuriTeam is a community-run project. Its most notable effort is the web portal where they notify visitors of new security vulnerabilities, tools and exploits. Another community tool SecuriTeam provides is a blogs site where notable security names such as Roger Thompson, Rob Slade, Gadi Evron and David Harley write, although most of the contributions to the site are from newer names in the security field. One such contributor is Juha-Matti Laurio who writes about new 0day attacks as they come out in FAQ form, to end users, and Matthew Murphy who writes technical commentary and policy commentary on the issue of full disclosure.

Debate: Publishing exploit code publicly

SecuriTeam is one of the only sites online which refer to themselves as whitehat, and serve exploit code to the public. Serving exploit code publicly is a very heated issue in security circles, as some believe this aids miscreants in creating new attacks such as worms.

Once such exploit code is available openly, it is much easier for virus authors to embed in malware and release it, infecting computers.

Others believe that the miscreants already have their sources for the exploit code, and that unless information such as this is provided to the community, it will be that much more difficult to defend against attackers, comparable to being blind while under attack. Further, finding the information defenders need the way blackhats do in unacceptable to most defenders, and would make it that much more difficult for them to stay on the "right side of the fence". According to advocates of this approach, the bad guys have their resources mainly because they hang in shady circles and perform unethical actions. Whitehats would be hard pressed both legally and ethically to act in this fashion.

This issue is often considered one of ethics. The SecuriTeam community believes that knowledge should be free and advocates the full disclosure of security information, such as vulnerabilities and exploits.

External links

Community content is available under CC-BY-SA unless otherwise noted.