July 06, 2009, 7:07 AM — Last week security researcher Aviv Raff launched a new feature on his Twitter security threat Web site. Called the Month of Twitter Bugs, the site will describe a Twitter bug a day in order to raise awareness of Twitter API concerns and third-party services that leverage them, and to warn end users of potential problems with the software and systems they use.
The posts will take a limited disclosure approach, meaning it will notify Twitter and its partners of high-risk vulnerabilities 24 hours in advance of posting in order to give them an opportunity to come up with a fix before the information about the threat goes public.
This isn’t the first time Raff has dedicated a month to raising public awareness about security threats found in a certain technology; in July of 2006 Raff was part of the Month of Browser Bugs. That initiative was successful enough to make browser vendors pay attention to the vulnerabilities in their products, he says, and hopes the same will happen with Twitter.
Raff says he’s aware of enough vulnerabilities in Twitter to easily fill a month’s worth of posts, though he invites others to send him vulnerabilities they find in third-party Twitter services.
The Symantec Security Response team said it will monitor the posts about Twitter threats closely, and may even “create a Twitter account and tweet about them ourselves.”
Do you tweet? Follow me on Twitter here.
