[ISN] The branded bug: Meet the people who name vulnerabilities

http://www.zdnet.com/the-branded-bug-meet-the-people-who-name-vulnerabilities-7000036140/ By Violet Blue Zero Day ZDNet News November 25, 2014 If the bug is dangerous enough, it gets a name. Heartbleed’s branding changed the way we talk about security, but did giving a bug a logo make it frivolous… or is this the evolution of infosec? Criminals, such as bank robbers, are often named because there are too many to keep track of. Just as killers and gangsters end up in history marked and defined by where they murdered (the “Trailside Killer”) or having a characteristic (“Baby Face” Nelson), the same goes for critical bugs and zero days. Stephen Ward, Senior Director at iSIGHT Partners (iSIGHT reported the “Sandworm” Microsoft zero-day), explained to ZDNet, “Researchers will often use unique characteristics discovered in malware or in command and control to give a team or a particular exploit a name. It helps to create an understanding and an ongoing reference point as malware variants surface or activities of a team continue.” He continued […]