isc.sans.org vs. isc.org
Last Updated: 2008-08-04 17:52:32 UTC
by Johannes Ullrich (Version: 1)
Over the last weeks, with all the attention focused on DNS, we have seen a couple of news articles mistaking us (Internet Storm Center) for isc.org (Internet Systems Consortium). Sadly, yet another reminder about how careless some of these articles are researched.
On the plus site: I don't remember seeing a single reader request for BIND patches ;-). I guess our readers are a bit smarter.
A number of security and IT/Networking related organizations use the acronym "ISC". For example ISC^2, the company behind the CISSP ceritfication. There is also an ISC conference dealing with physical security and an "Information Security Comittee" of the American Bar Association. Neither organization has any affiliation with us or as far as I can tell, isc.org.
If there is a possibility to confuse us with other ISCs, I typically try to use "SANS ISC" to clarify.
Just as a sidenote: Our first choice for a name was actually "Internet Storm Watch". At the time a company called Okena (now acquired by Cisco) sold an intrusion detection product called "Storm Watch". They asked us not to use the name "Internet Storm Watch". Luckily this happened before we used that name much and it was easy to change.
So for your BIND patches (and a lot of other good stuff), continue to go to www.isc.org.
Johannes B. Ullrich, Ph.D.
SANS Technology Institute