Every week someone, or several people, think their 140 characters is worth me spending an hour+ writing an article for them. They noticed some plagiarized text or think someone is a fraud, and they turn around and expect me to research and document it. For years now, I get mail to Errata with a single link or a couple lines of commentary, along with the expectation that is all that is needed. Voila! An article will magically appear. These days, I don’t even get an email, just a Tweet or two.
I’ve said it before, many times. I’ve given an entire presentation on the project twice. I’ve told people in person, in email, and on Twitter. For the last time:
Errata was designed to be a community project. That’s “crowd-sourced” for you new people. A couple people serve as a clearinghouse for well-written, well-documented articles. No names on the articles because if they are properly referenced then attribution is not an issue. Then the clearinghouse stands up to defend the work as needed. Simple concept.
If you are in the security industry and cannot write an Errata article, get the fuck out now. You are simply too stupid and too dangerous to be advising anyone on something so important as security. Sure the articles take a little time because they have to be solid on making logical points, being organized, and citing public information that justifies any accusations or conclusions. But anyone that does penetration testing or auditing or system maintenance should be familiar with documentation along these lines. They are not difficult to write, they are time consuming.
If it bothers you that someone plagiarized or is selling snake oil, and it should, then take the time to write your own blog. Enough of us have stood up and defended our work. We’ve shown that you can do it, quite safely, if you are responsible in your work. If you still feel it risky, write the article and send it over. Do the leg work, we’ll provide the safety net.
Until you send such articles, don’t volunteer me to write them.