Top vulnerability researcher?
Posted by jkouns
Who is the top vulnerability researcher? Who has discovered the most computer security vulnerabilities? Which country has the most researchers and publishes the most vulnerabilities? Who has discovered the most critical vulnerabilities?
From looking at OSVDB here are the top 12 researchers in terms of volume:
Rank  Creditee                  # Vulns
-----------------------------------------
1)    r0t                       770
2)    Lostmon Lords             241
3)    rgod                      239
4)    Aliaksandr Hartsuyeu      201
5)    Kacper                    199
6)    James Bercegay            180
7)    luny                      142
8)    Diabolic Crab             139
9)    Janek Vind "waraxe"       136
10)   JeiAr                     117
11)   Dedi Dwianto              86
12)   M.Hasran Addahroni        79
Take a look at the other OSVDB Browse categories and note you can even click on a Creditee’s name and see all of the vulnerabilities that they have discovered here: http://osvdb.org/browse
Of course our statistics are based off of the content in OSVDB and we need your help to provide better statistics. If you are a researcher, it would help if you could take the time to create an OSVDB account and update the vulnerabilities that you have discovered!
You can sign up for an OSVDB account here: https://osvdb.org/account/signup
Here is a quick overview:
-Search for your vulnerabilities at http://osvdb.org/search/advsearch
-Click on your vuln, then click “Edit Vulnerability”
-Click the Credits menu item, if credit is missing click “Toggle Add Author…”
-Your name may already be in the database, as you type it will search OSVDB to see if your information is there. If so, select and click “Add Author”.
-Once you add the creditee information you can update your information or if your name is not there you can add it as a new creditee.
Rinse and repeat!

Some would also want to include the QUALITY of the vulnerability found not just the QUANTITY.
I mean you can spend half a day with your favorite fuzzer and find a few thousand ways to DoS your favorite web browser but that doesn’t mean you are a great or even good researcher does it?
Absolutely not. We see this every year or two with the newest vulnerability type as well. A while back, XSS reports were through the roof and finding XSS is not rocket science. After that came the wave of SQLi flaws, most reports due to error messages seen after throwing a ’ at the application. Then the wave of RFI vulns, many found through “grep and gripe” auditing, many subsequently found to be false positives as well. Now, fuzzers and DoS are becoming the latest thing to find and report. While they are useful and help improve software quality, it is sad that we rarely see the full details published to know how many vulnerabilities were present, or follow-up to see if any were exploitable for privileges/code execution.
We are definitely hoping to be in a position to document who discovers the most critical vulns as mentioned in the blog post. In fact, we are looking for a range of metrics about researchers and even have spent some time previously trying to figure out a formula to provide Researcher Confidence scores. This “rating” would attempt to explain how often a researcher is accurate and reliable in the vulns they disclose. When we were working on this project we spent time looking at how to also measure the complexity and “quality” of the vuln.
At this point, we only have volume stats to post but thanks for the feedback as the blog post was to get comments flowing and also encourage researchers to update/mangle their own vulns in OSVDB! =)