Who “brands†vulnerabilities?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
63
down vote
favorite
It appears that every time there's a vulnerability discovered major enough to hit the news, its been assigned a brand name and often even a logo. Heartbleed, Spectre, Meltdown, Foreshadow, etc. Who decides and produces these? Is it typically the person / group who discovered the bug, the group with responsibility for the affected product, or someone else?
I understand malicious software is typically named / branded by its author, but it seems odd that someone is out there coming up with names and designing logos for vulnerabilities.
vulnerability
asked Aug 15 at 12:36
Kai
42445
add a comment |Â
up vote
63
down vote
favorite
It appears that every time there's a vulnerability discovered major enough to hit the news, its been assigned a brand name and often even a logo. Heartbleed, Spectre, Meltdown, Foreshadow, etc. Who decides and produces these? Is it typically the person / group who discovered the bug, the group with responsibility for the affected product, or someone else?
I understand malicious software is typically named / branded by its author, but it seems odd that someone is out there coming up with names and designing logos for vulnerabilities.
vulnerability
asked Aug 15 at 12:36
Kai
42445
3
Which is easier to communicate about, CVE-2014-0160 or Heartbleed?
– Andy Lester
Aug 16 at 21:50
add a comment |Â
up vote
63
down vote
favorite
up vote
63
down vote
favorite
It appears that every time there's a vulnerability discovered major enough to hit the news, its been assigned a brand name and often even a logo. Heartbleed, Spectre, Meltdown, Foreshadow, etc. Who decides and produces these? Is it typically the person / group who discovered the bug, the group with responsibility for the affected product, or someone else?
I understand malicious software is typically named / branded by its author, but it seems odd that someone is out there coming up with names and designing logos for vulnerabilities.
vulnerability
asked Aug 15 at 12:36
Kai
42445
It appears that every time there's a vulnerability discovered major enough to hit the news, its been assigned a brand name and often even a logo. Heartbleed, Spectre, Meltdown, Foreshadow, etc. Who decides and produces these? Is it typically the person / group who discovered the bug, the group with responsibility for the affected product, or someone else?
I understand malicious software is typically named / branded by its author, but it seems odd that someone is out there coming up with names and designing logos for vulnerabilities.
vulnerability
vulnerability
asked Aug 15 at 12:36
Kai
42445
asked Aug 15 at 12:36
Kai
42445
asked Aug 15 at 12:36
Kai
42445
asked Aug 15 at 12:36
Kai
42445
asked Aug 15 at 12:36
Kai
42445
42445
3
Which is easier to communicate about, CVE-2014-0160 or Heartbleed?
– Andy Lester
Aug 16 at 21:50
add a comment |Â
3
Which is easier to communicate about, CVE-2014-0160 or Heartbleed?
– Andy Lester
Aug 16 at 21:50
3
3
Which is easier to communicate about, CVE-2014-0160 or Heartbleed?
– Andy Lester
Aug 16 at 21:50
Which is easier to communicate about, CVE-2014-0160 or Heartbleed?
– Andy Lester
Aug 16 at 21:50
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
74
down vote
accepted
They are all branded by the people discovering them. There's even a note on the wiki for Heartbleed:
Logo representing Heartbleed. Security company Codenomicon gave
Heartbleed both a name and a logo, contributing to public awareness of
the issue.
Spectre/Meltdown explains the branding on their site. As does Foreshadow (same artist).
Such publicity helps to make the issue mainstream and more shareable and suitable for pick-up by the general media. This helps to make the problem more well-known, as well as the people who created the brand. Just like any other marketing.
Given that it is relatively cheap to get a logo designed (welcome to the gig economy), the return on investment, even for an expensive logo, is huge if it gets picked up by the media.
answered Aug 15 at 12:46
schroeder♦
64.8k25138175
1
Ha ha, interesting to know how these things work. I read about this before but never bothered to check in more detail.
– sir_k
Aug 15 at 13:44
8
Also makes it easier for those in the industry to discuss it. Sysadmins will prefer saying "Have we patched Spectre yet?" rather than going by its CVE number. Also makes it a lot easier to communicate to upper manglement and other shareholders.
– flith
Aug 16 at 6:19
16
@flith hehe "manglement" - I have not heard that one in a while
– schroeder♦
Aug 16 at 7:49
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
74
down vote
accepted
They are all branded by the people discovering them. There's even a note on the wiki for Heartbleed:
Logo representing Heartbleed. Security company Codenomicon gave
Heartbleed both a name and a logo, contributing to public awareness of
the issue.
Spectre/Meltdown explains the branding on their site. As does Foreshadow (same artist).
Such publicity helps to make the issue mainstream and more shareable and suitable for pick-up by the general media. This helps to make the problem more well-known, as well as the people who created the brand. Just like any other marketing.
Given that it is relatively cheap to get a logo designed (welcome to the gig economy), the return on investment, even for an expensive logo, is huge if it gets picked up by the media.
answered Aug 15 at 12:46
schroeder♦
64.8k25138175
1
Ha ha, interesting to know how these things work. I read about this before but never bothered to check in more detail.
– sir_k
Aug 15 at 13:44
8
Also makes it easier for those in the industry to discuss it. Sysadmins will prefer saying "Have we patched Spectre yet?" rather than going by its CVE number. Also makes it a lot easier to communicate to upper manglement and other shareholders.
– flith
Aug 16 at 6:19
16
@flith hehe "manglement" - I have not heard that one in a while
– schroeder♦
Aug 16 at 7:49
add a comment |Â
up vote
74
down vote
accepted
They are all branded by the people discovering them. There's even a note on the wiki for Heartbleed:
Logo representing Heartbleed. Security company Codenomicon gave
Heartbleed both a name and a logo, contributing to public awareness of
the issue.
Spectre/Meltdown explains the branding on their site. As does Foreshadow (same artist).
Such publicity helps to make the issue mainstream and more shareable and suitable for pick-up by the general media. This helps to make the problem more well-known, as well as the people who created the brand. Just like any other marketing.
Given that it is relatively cheap to get a logo designed (welcome to the gig economy), the return on investment, even for an expensive logo, is huge if it gets picked up by the media.
answered Aug 15 at 12:46
schroeder♦
64.8k25138175
1
Ha ha, interesting to know how these things work. I read about this before but never bothered to check in more detail.
– sir_k
Aug 15 at 13:44
8
Also makes it easier for those in the industry to discuss it. Sysadmins will prefer saying "Have we patched Spectre yet?" rather than going by its CVE number. Also makes it a lot easier to communicate to upper manglement and other shareholders.
– flith
Aug 16 at 6:19
16
@flith hehe "manglement" - I have not heard that one in a while
– schroeder♦
Aug 16 at 7:49
add a comment |Â
up vote
74
down vote
accepted
up vote
74
down vote
accepted
They are all branded by the people discovering them. There's even a note on the wiki for Heartbleed:
Logo representing Heartbleed. Security company Codenomicon gave
Heartbleed both a name and a logo, contributing to public awareness of
the issue.
Spectre/Meltdown explains the branding on their site. As does Foreshadow (same artist).
Such publicity helps to make the issue mainstream and more shareable and suitable for pick-up by the general media. This helps to make the problem more well-known, as well as the people who created the brand. Just like any other marketing.
Given that it is relatively cheap to get a logo designed (welcome to the gig economy), the return on investment, even for an expensive logo, is huge if it gets picked up by the media.
answered Aug 15 at 12:46
schroeder♦
64.8k25138175
They are all branded by the people discovering them. There's even a note on the wiki for Heartbleed:
Logo representing Heartbleed. Security company Codenomicon gave
Heartbleed both a name and a logo, contributing to public awareness of
the issue.
Spectre/Meltdown explains the branding on their site. As does Foreshadow (same artist).
Such publicity helps to make the issue mainstream and more shareable and suitable for pick-up by the general media. This helps to make the problem more well-known, as well as the people who created the brand. Just like any other marketing.
Given that it is relatively cheap to get a logo designed (welcome to the gig economy), the return on investment, even for an expensive logo, is huge if it gets picked up by the media.
answered Aug 15 at 12:46
schroeder♦
64.8k25138175
edited Aug 15 at 13:01
answered Aug 15 at 12:46
schroeder♦
64.8k25138175
answered Aug 15 at 12:46
schroeder♦
64.8k25138175
answered Aug 15 at 12:46
schroeder♦
64.8k25138175
64.8k25138175
1
Ha ha, interesting to know how these things work. I read about this before but never bothered to check in more detail.
– sir_k
Aug 15 at 13:44
8
Also makes it easier for those in the industry to discuss it. Sysadmins will prefer saying "Have we patched Spectre yet?" rather than going by its CVE number. Also makes it a lot easier to communicate to upper manglement and other shareholders.
– flith
Aug 16 at 6:19
16
@flith hehe "manglement" - I have not heard that one in a while
– schroeder♦
Aug 16 at 7:49
add a comment |Â
1
Ha ha, interesting to know how these things work. I read about this before but never bothered to check in more detail.
– sir_k
Aug 15 at 13:44
8
Also makes it easier for those in the industry to discuss it. Sysadmins will prefer saying "Have we patched Spectre yet?" rather than going by its CVE number. Also makes it a lot easier to communicate to upper manglement and other shareholders.
– flith
Aug 16 at 6:19
16
@flith hehe "manglement" - I have not heard that one in a while
– schroeder♦
Aug 16 at 7:49
1
1
Ha ha, interesting to know how these things work. I read about this before but never bothered to check in more detail.
– sir_k
Aug 15 at 13:44
Ha ha, interesting to know how these things work. I read about this before but never bothered to check in more detail.
– sir_k
Aug 15 at 13:44
8
8
Also makes it easier for those in the industry to discuss it. Sysadmins will prefer saying "Have we patched Spectre yet?" rather than going by its CVE number. Also makes it a lot easier to communicate to upper manglement and other shareholders.
– flith
Aug 16 at 6:19
Also makes it easier for those in the industry to discuss it. Sysadmins will prefer saying "Have we patched Spectre yet?" rather than going by its CVE number. Also makes it a lot easier to communicate to upper manglement and other shareholders.
– flith
Aug 16 at 6:19
16
16
@flith hehe "manglement" - I have not heard that one in a while
– schroeder♦
Aug 16 at 7:49
@flith hehe "manglement" - I have not heard that one in a while
– schroeder♦
Aug 16 at 7:49
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f191595%2fwho-brands-vulnerabilities%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
3
Which is easier to communicate about, CVE-2014-0160 or Heartbleed?
– Andy Lester
Aug 16 at 21:50