


Ranking Bugs, Saving Pigs

The man behind the SANS Top 20, Rohit Dhamankar, calls out bugs - and animal rights

His first hack may have been his most fortuitous: Rohit Dhamankar and his classmates in India had to hack into and use their engineering professors' email so they could apply to graduate schools in the U.S. "We didn't have email back then," he says of himself and the other students at the Indian Institute of Technology in Kanpur who switched their names onto the accounts. "So we got into our professors' email accounts so we could send email. Some of them had never used email before, so they weren't checking it regularly."


This is the same guy who today is responsible for choosing and ranking the world's top security vulnerabilities each week (as well as yearly) for the SANS Institute, and whose day job is senior manager of security research at TippingPoint. His desperate email crack back home in India landed him at the University of Texas at Austin, where he eventually switched from physics to electrical engineering. He got his first job in 1999 with Cisco Systems, where he worked as a software developer on intrusion detection and scanner products.

Dhamankar, 32, admits the SANS vulnerability list he compiles doesn't change drastically from week to week. About every six months, however, he witnesses a shift in the types of attacks underway. He's watched bug trends go from pervasive worms to phishing and spyware, and to client-side vulnerabilities in applications like Microsoft Office, he says.

Being the final word on vulnerability rankings isn't always a popular job, like the time in 2005 when he decided to put the MacOS on the SANS Top 20 list, a gutsy move that ticked off some rabid Mac users who cursed him and SANS publicly for calling out their beloved OS. But Dhamankar still stands by his then-controversial choice because he says he felt it was time MacOS users became aware of the bugs in the OS.

He thinks SANS' ranking system works, although it ultimately comes down to him to make the final call. Dhamankar sends out his strawman list to a panel of experts from enterprises, universities, security consultants, and vendors, who all put their heads together. "We seek out other users and ask if the list is useful to them," he says. "Nobody says 'you guys suck.'"

There is some overlap with his work at TippingPoint. Dhamankar basically manages the security research team responsible for TippingPoint's intrusion prevention systems. They analyze new vulnerabilities and attacks, and write signatures for the company's IPS products.

When he's not analyzing and ranking bugs, Dhamankar sings. He takes classical South Indian music vocal lessons and, from time to time, performs around Austin, where he's stayed since leaving India for UT. "I help promote the Indian classical music scene," he says. He also works with a battered women's organization. "These are women from ethnic backgrounds that come to the U.S. and are not treated well by their husbands."

Vulnerability is a theme with Dhamankar, for sure: He's also an animal lover, who wears a PETA t-shirt to work with a picture of a pig and "I Don't Have ANY Spare Ribs" emblazoned on it. Why People for the Ethical Treatment of Animals (PETA)? "There's the same problem with pigs and cows" and other animals being mistreated as there is with dogs and cats, he says. "Growing up in India, there were places where cows were in the cowshed, and they were very loving and intelligent, too." He witnessed cows who would only allow people they were familiar with to milk them, for instance.

Animal rights and security work sometimes mix, sometimes not, he says. "There are some people in the security industry that are like me, PETA supporters," he says. "And there are a lot [who are not], with dark t-shirts, colored hair, and eating a lot of meat," he adds with a laugh.

Personality Bytes

  • What freaks him out: "We see a lot of attacks come out of China, which freaks me out... They are going for all different kinds of attacks. It's kind of scary when you don't know what they are up to."

  • IDS dead?: "I do believe that technology is past its time. You should move to IPS now."

  • Phobia: "Hydrophobia. I've always had a fear of water, but I'm trying to get over it, taking swimming lessons. You see those kids at the pool out there, and you're petrified to go out into the deep and tread water. It's one of my challenges."

  • What his co-workers don't know about him: "They haven't heard my singing."

  • Favorite hangout: "Mozart's. It's right by the lake in Austin... a coffee place with live bands."

  • In his music player right now: "Indian classical music, but I'm trying to broaden my music range."

  • Comfort food: "Thai, Chinese, Indian, Italian."

  • Ride: "Honda Civic. It's a stick shift, nothing fancy."

  • Best Friend: "I love my dog -- Lance, an eight-year-old German Shepherd."

  • Next career: "I do hope someday to make enough money to retire and full-time work on learning music, and propagating that, and working more with nonprofits."

    — Kelly Jackson Higgins, Senior Editor, Dark Reading
