Security guru Marcus Ranum argues that independent “security researchers” who spend their time constantly looking for security bugs are a drain on the security community. Without security researchers to keep vendors in line, we would not make anywhere near as much progress in security, he says. But in many cases security researchers seem only to be in the game for fame and glory. In the mid ’90s when I was working with the Princeton team to break Java, we had a hard time getting Sun, Netscape and Microsoft to take our discoveries seriously.”
Source: https://www.darkreading.com/analytics/security-s-symbiosis

