I like the idea of this, but am concerned by the terminology. <flame-bait> What's being proposed is an organization of *vulnerability* researchers. There are MANY other kinds of security researchers, including those who design new forms of access controls, security models, intrusion detection systems, security tools, etc. Security researchers publish results in peer-reviewed conferences and journals, and their goal is to improve understanding of security and provide mechanisms and tools. Vulnerability researchers are focused on finding vulnerabilities in existing software, which is a valuable contribution. While there's substantial overlap in end goals, they (mostly) don't design security systems. And they very rarely publish results in peer-refereed conferences and journals. So in defining this organization, let's not call it something it isn't. One isn't better or worse than the other, but they're not the same thing. </flame-bait> --Jeremy
