The problem with this strategy is it runs the risk of reassigning resources from the most dangerous vulnerabilities (which infosec-trained sysadmins and developers know how to judge) to those with the best marketers and designers behind their team. It's the same as Oracle DB deals being sold to executives over rounds of golf instead of to the developers who will actually work with the service. To be clear, I'm not sales-phobic or anti-design, I just don't think that security vulnerabilities need to be marketed.
The only argument I can see would be consumer awareness, but that might be worse than anything else - just look at the mass hyperbole being thrown around right now about the alleged direct North Korean involvement in the Sony hacks, a contention which few people in the security world appear to take seriously. I guess find a way to get hotfixes out reliably?
> To be clear, I'm not sales-phobic or anti-design, I just don't think that security vulnerabilities need to be marketed.
I understand this worry, but I don't think executives will ever see sites like this... except when engineers say HOLY HANNAH WE NEED HOURS TO FIX THIS RIGHT NOW, and the executive says "I have a fixed budget, and this doesn't make me money."
Then this site is brought up. And the world is better.
Hmm. So maybe, within the bowels of listservs and whitepaper archives, we hide a secret repository of slick, sexy marketing pdfs that engineers can print, cover in a shiny plastic folder, and strategically deploy as a measure of last resort.
Or just work to make developer<->management communications more effective.
I think you've captured the absurdity of the scenario quite well. Unfortunately, I don't have quite the poker face to pull off a claim like "developer <-> management communications aren't absurd".
To be slightly more fair: it's pretty easy to think "if solving this problem was really important, it would already have a budget, like how hurricanes get disaster relief". And so spending $100 on a logo helps people not dismiss the urgency.
This whole situation is not amazing. But an emergency isn't the time to start working on developer <-> management communication problems -- at that point, whatever gets the job done is great.
The only argument I can see would be consumer awareness, but that might be worse than anything else - just look at the mass hyperbole being thrown around right now about the alleged direct North Korean involvement in the Sony hacks, a contention which few people in the security world appear to take seriously. I guess find a way to get hotfixes out reliably?