You probably don't care about this much if you don't pay attention the market for security services.
WhiteHat is a well-known VC-funded enterprise appsec company. They sell a SAAS web security scanner. Their founder and now CEO is Jeremiah Grossman, a pretty well-known web security guy.
A year or so ago? WhiteHat released "Aviator", a "secure browser". Aviator, as it turns out, is rebranded Chromium. Chromium is an open-source project, of course. Aviator is (at the time) not.
Fast forward a year. The Aviator browser product has fizzled, like most new products do. WhiteHat executes the "open source the project and make like that's an outcome we are happy about" play, using language which --- corroborated a bit by this post --- signals that the project has been abandoned.
Several hours later, Google star vulnerability researcher Tavis Ormandy tweets(!) an embarrassing drive-by RCE in Aviator.
Hours after that, Justin Schuh from the Chromium security team posts what can best be described as thermonuclear schadenfreude† to his Google+ feed (if you're not a vulnerability researcher, you should know that there are major points for style awarded to a meaningful critique of the branding code in a target).
In response to all this, Robert Hanson (a very well-known web security guy employed by WhiteHat) writes what I would call an ill-advised and transparently prickly response on WhiteHat's blog††, suggesting that WhiteHat has been victimized by their underdog status.
I like some of the people involved with WhiteHat, Hanson among them, but I think Aviator was a very bad idea and I am --- if I am honest, and it's a bit painful to admit this --- kind of happy it failed in the market. For full disclosure purposes I also have to admit thinking very highly of Justin Schuh and being basically in cortisol-redlining mortal terror of Tavis Ormandy.
You probably don't care about this much if you don't pay attention the market for security services.
WhiteHat is a well-known VC-funded enterprise appsec company. They sell a SAAS web security scanner. Their founder and now CEO is Jeremiah Grossman, a pretty well-known web security guy.
A year or so ago? WhiteHat released "Aviator", a "secure browser". Aviator, as it turns out, is rebranded Chromium. Chromium is an open-source project, of course. Aviator is (at the time) not.
Fast forward a year. The Aviator browser product has fizzled, like most new products do. WhiteHat executes the "open source the project and make like that's an outcome we are happy about" play, using language which --- corroborated a bit by this post --- signals that the project has been abandoned.
Several hours later, Google star vulnerability researcher Tavis Ormandy tweets(!) an embarrassing drive-by RCE in Aviator.
Hours after that, Justin Schuh from the Chromium security team posts what can best be described as thermonuclear schadenfreude† to his Google+ feed (if you're not a vulnerability researcher, you should know that there are major points for style awarded to a meaningful critique of the branding code in a target).
In response to all this, Robert Hanson (a very well-known web security guy employed by WhiteHat) writes what I would call an ill-advised and transparently prickly response on WhiteHat's blog††, suggesting that WhiteHat has been victimized by their underdog status.
I like some of the people involved with WhiteHat, Hanson among them, but I think Aviator was a very bad idea and I am --- if I am honest, and it's a bit painful to admit this --- kind of happy it failed in the market. For full disclosure purposes I also have to admit thinking very highly of Justin Schuh and being basically in cortisol-redlining mortal terror of Tavis Ormandy.
† https://plus.google.com/u/0/+JustinSchuh/posts/69qw9wZVH8z
†† https://blog.whitehatsec.com/aviator-open-source-day-1/