The launch of vsociety, a social network for security professionals that intends to facilitate peer-to-peer networking and open source collaboration on vulnerability research, was announced by Vicarius during the Black Hat USA 2022 conference. The vsociety community has established itself as a valuable research hub in the short period since its founding, with numerous original research articles published exclusively to the cybersecurity social network. One of these, a novel proof-of-concept exploit aimed at the Google SLO-Generator, submitted by the anonymous user ‘M,’ describes how to exploit it as well as how to fix and patch it.
“Knowledge sharing is critical to ensure growth of the Infosec community, and with vsociety’s community model and intuitive design, it is the best place to publish original research,” said ‘M’, researcher.
Vicarius emphasises the necessity for an open source platform that is not directly impacted by a specific solution or user group, thereby fully democratising information awareness surrounding security research as a whole. The concept of vendor user communities is not particularly original. The site promotes original security research and discussion on relevant topics, enabling users to gain from the revelation of unique vulnerabilities and build relationships with their peers.
Users can create content, participate in discussions about hot security concerns, and provide solutions, insights, and analysis on user generated content by registering for a free account. Additionally, the vsociety feed is continuously updated with the most recent Critical Vulnerabilities and Exposures (CVEs) in real-time, enabling users to post condensed, human-readable descriptions of recently discovered vulnerabilities for the community to consume – as well as remediation scripts to thwart them.
It is important to note that individuals interested in conducting large-scale cyberattacks and malevolent actors have historically used the strength of organisation to carry out their activities. Assraf thinks it’s time to implement similar tactics to strengthen the security response.
“We created vsociety to strengthen the bonds between DevSecOps, sysadmins, security engineers, and researchers, encouraging participation from every subsector. We hope this leads to more discoveries and strategies to push our industry forward. Ultimately, we’re strongest when we share information and work together to make our digital world a safer place.”, Assraf continued.
Numerous talks with security researchers who highlighted a desire for a vendor-free community space where they could collaborate to find solutions led to the creation of vsociety. The founders emphasise that the community is free from vendor interference and is governed by its members. Users can post user-generated remediation scripts for the good of the larger community, and content and debates remain neutral.