"Excuse me for not exactly being a huge fan of 'security lists' and best practices. They seem to be _entirely_ based on PR and how much you can talk up a specific bug. No thank you."
It is true. It is much about security people want to be known and so for finding the vulnerability. So, sure, you can say it's about PR.
But most people want credit for their achievements. :)
At least they publicly make the vulnerabilities available and force the vendors to fix them.
Recent news articles, paraphrased:
Professional security researcher Dan Kaminsky blah blah Dan Kaminsky blah blah DNS blah blah. Blah blah Security researcher Dan Kaminsky blah blah Kaminsky and major vendors blah blah flaw in DNS blah blah Kaminsky. Kaminsky, a security researcher, blah blah.
I get it. There's a security researcher named Dan Kaminsky. Oh, and I guess there's something about DNS.
Ok, they're not QUITE that bad, but it did seem over the top to see the guy's name about 5 times in one short article.
And yes, people do like to take credit for their achievements. There's taking credit, and there's grandstanding. This DNS thing is starting to feel like the latter. Kaminsky (a professional security researcher, so I hear) has stated he didn't want people to steal his thunder before his own presentation August 6th.
Program Intellivision and play Space Patrol!