The People Who Are Branding Vulnerabilities

antdude points out a story at ZDNet about how the naming of security vulnerabilities and exploits has evolved into branding and awareness campaigns. Heartbleed set the trend early this year, having a distinct name and logo to represent a serious security problem. It seemed to work; the underlying bug got massive exposure, even in the mainstream media. This raises a new set of issues — should the response to the disclosure of a vulnerability be dependent on how catchy its name is? No, but it probably will be. Heartbleed charmed the public, and in a way, it was designed to do so. By comparison Shellshock, POODLE (aka clumsy "Poodlebleed"), Sandworm, the secretively named Rootpipe, Winshock, and other vulns seem like proverbial "red headed stepchildren" — despite the fact that each of these vulns are critical issues, some are worse than Heartbleed, and all of which needed fast responses. The next "big bug" after Heartbleed was Shellshock — real name CVE-2014-6271. Shellshock didn't have a company's pocketbook or marketing team behind it. So, despite the fact that many said Shellshock was worse than Heartbleed (rated high on severity but low on complexity, making it easy for attackers), creating a celebrity out of Shellshock faced an uphill climb.

Fuck That Shit

[sexconker]

Fuck naming shit to appeal to the plebes and media. It's not a popularity contest. It's a fucking security vulnerability that needs to be patched. You don't get points for media mentions.

If you want to think up shitty names for shit you have two options:
1: Go work for some Congressman's lawyer's office and think up names for bills that mean the complete opposite or what the bill actually does.
2: Go work for the restaurant industry and come up fresh and creative hits that can stand alongside "Awesome Blossom", "Crispy Honey-Chipotle Chicken Crispers", "Razz-Ma-Tazz Raspberry Iced Tea", and "Yummy Nummy Chicken Drummies".