My Thoughts on Security Scoreboard

There’s been a lot of buzz in the last few weeks about Security Scoreboard, a site I have volunteered to work with as it goes through a bit of an evolution. Several others have blogged about it, including Anton Chuvakin and Lenny Zeltser. A little context for me, since a number of people have asked me how I got involved, why I got involved, and what’s going on.

First, I got involved since Anton is a friend of mine and sits on the Advisory Board for SS. He was speaking with Dominique Levin, who was just appointed CEO of the site as it gets new funding and a new plan (more on that). Dominique called me to discuss, since Anton recommended me, and I knew Dominique from her LogLogic days. Long story short…she convinced me. What do I see in it? Well, I think it’s needed. The security space is so incredibly cynical and biased against vendors, and we need some good general peer commentary on products we’re using or considering. Amazing – we LOVE to hear ourselves talk in security. But we don’t really share a lot of useful tactical info with each other. I’ve ranted on this before, and won’t go there again in this post, but I think we need more “what’s working for me” conversations with each other.

I’ll be maintaining a few of the categories for the site. Virtualization security, vulnerability management, etc. Things I have deep knowledge and experience in, obviously – and that’s the point. I believe Dominique is assembling a solid team of folks who want to help, have domain expertise, and can contribute to shaping the site as it grows and evolves. Which leads to the next point – where’s it going? Well, to some extent, the mission really is the same. Provide information to the community about vendors and their products, with the intent being for the reviews to be FROM the community, not the vendors, their competitors, or professional reviewers of some sort. To that end, we’ve got out work cut out for us. The most common question I get is, “How will you vet the comments?”. Good question, and I don’t have the definitive, end-all answer to that yet. We’ll need some sort of workable moderation, for sure. To ensure credibility and trustworthiness, people have to be able to trust the site and its content. I’ll keep everyone posted, as I can, about what is happening and how things are coming along, as well as opportunities for you to contribute if you’re interested. I know the site will have lots of updates and info, as well, so check there, too. I’m looking forward to the site’s changes and growth with Dominique at the helm, and so should you.