BugTraq was launched in November 1993 and was one of the first mailing lists dedicated to exposing weaknesses.
BugTraq, one of the first mailing lists in the cybersecurity industry dedicated to publicly disclosing security errors, announced today that it will close at the end of the month, January 31, 2021.
The site played an important role in building the cybersecurity industry in its early, emerging days.
Founded by Scott Chasin on November 5, 1993, BugTraq provided the first intermediate site where security researchers could expose risks after vendors refused to release patches.
The site has been around for years in the official gray area. Discussions on the site about the legitimacy of “exposing” security breaches where traders refuse to patch the layers are what have created many guidelines for exposing risks, axioms in which many pest hunters work today.
Today, it sounds reasonable for a security researcher to disclose information about an insect that has been patched or stained, but back then, that information was often contradictory, sometimes leading to many legal threats.
But over time, BugTraq’s popularity and values prevailed. The site became the first site where a major risk was announced at a time when researchers were not able to easily manage their sites and blogs.
The same list of bugs has been released following the original BugTraq model, and many security firms established over the years often end up scratching the site’s content as a basis for their risk profile.
BugTraq also shook hands several times, from Chasin to Brown University, and then to SecurityFocus, which was acquired by Symantec.
The site death started in 2019 when Broadcom acquired Symantec. Three months later, in February 2020, the site stopped adding new content, leaving only an empty shell.
Today, the finalists of the site have verified the status of the news portal and officially made the passage of BugTraq to infosec lore.
“At this time BugTraq address list services have not been prioritized, and this will be the last message on the list,” the message read.
Although many have seen it coming, the announcement of the site caused a tremendous explosion of modern cybersecurity veterans, many of whom had started or worked on the mailing list since its launch.
“I would liken it to the impact Twitter has now on the way we communicate today,” said Ryan Naraine, former director of security programs at Intel, and one of the veterans in the cybersecurity industry.
“Apart from the fact that it was compulsory to be there [on BugTraq] for live advice and recommendations on what was not a fully-fledged security industry.
“Lots of great news was originally announced at BugTraq and FullDisclosure [another list of similar addresses],” Naraine said.
“It’s a place where the Litchfield’s made a name for themselves in the early days. I remember David Litchfield throwing away Oracle research tools and research.
“It was a connecting watercooler that came out as a security industry.”