We've closed the poll, and the results for our attempts to weed out candidates for a collective noun for security vulnerabilities are in.
To recap: the recent rash of Android vulnerabilities has made it clear that a new collective noun for such flaws, and possibly a separate one for security bugs in general, was required. We can talk about a pack of lies and a wad of notes, but there's no collective noun for vulnerabilities, for shame.
We're living in times when the higher profile vulnerabilities – Heartbleed, Shellshock and running up until the recent Stagefright Android bug – have their own catchy names and even logos. Now a group of vulnerabilities needs a catchy moniker.
Security bugs even have their own awards, thanks to categories within the Pwnie Awards that take place during the Black Hat conference in Las Vegas every year. We're well beyond referring to bugs simply by their CVE* numbers. It's surely only a matter of time before security bugs are anthropomorphised, like cartoon animals. A group of bugs simply can't hold this the sum of all our infosec fears.
After a short brainstorming session we put some candidates for a collective noun to the vote, which has returned the following result:
- Hatstand: 258 votes
- Windows: 161 votes
- Plague: 148 votes
- Panic: 145 votes
- Nest: 135 votes
- Scourge: 126 votes
- Overflow: 122 votes
Aside from showing what a contrarian lot Reg commentards are, the poll showed a general tiredness with the overused term of cyber, which got kicked into the long grass (it scored a paltry 15 votes). Although "hatstand" ran away the contest, we won't be using the term exclusively. English, of course, allows for more than one collective noun for a group of things. For example, the collective noun for dragons is "flight" but "weyr" or "wing" are also permissible.
Sticking with one or two terms might get tired (or worse, boring) really quickly, so we're offering all seven of those that did well in the poll as options for collection nouns. Greedy? Maybe. But we need to mix it up, and seven is as good a number as any (seven deadly sins, anyone?) They're our selection – at least until we find something better.
* CVE stands for Common Vulnerabilities and Exposures, the industry-wide system for uniquely identifying security bugs.