Trilight Zone

[trihub]

Source: http://www.xiom.com/whid/blog



One of the issues haunting WHID since its inception two years ago is inclusion criteria: which incidents get in? WHID goal is not to provide an alternative to Zone-h defaced sites archive or ScanSafe's Threat Alert which tracks malware planted on web sites. WHID aim is to be provide a tool for decision makers and researchers to understand the real world impact of web hacking, and to achieve that WHID limits itself to "meaningful" incidents. To achieve this goal, I continuously try to nail WHID inclusion criteria. It is not easy to translate "meaningful" to absolute and objective criteria. The criteria I came up with so far are:

* Real incident: the bad guys did something, it is not just the good guys that disclosed a vulnerable site.
* Known or highly suspected to be a result of a web hack.
* Interesting. This is the tough one and highly subjective one. By interesting I usually mean one of those:
o Not something that happens daily.
o A high profile target.
o The damage done was significant.
o The incident is just a "very good story".

If you have an incident that falls under these criteria and is not at WHID, I would love to here about it. I would also like to here if you feel that these criteria are not correct. One thing I know and don't need you to tell me is that there are incidents in WHID that do not satisfy the criteria above: the criteria change and I don't always go back and filter again past incidents...