Thick skin is a necessity for any writer. It doesn't matter if they cover security, politics or do restaurant reviews. There will always be readers who disagree with an article's thesis, and some will do so bitterly. That fact has been amplified in the last few years with the rise of the blogosphere.
My policy is to always respond privately to someone who takes me to task over a column or article. Whether they agree with me or not, they're taking time to offer feedback and for that I'm always grateful. Publicly, I'll respond when the feedback is reasoned and shrug it off when someone drags the debate into the gutter with name-calling.
Two recent blog posts deserve the public response here.
The first was a post in the Emergent Chaos blog -- one of my favorites -- called "Who Watches the FUD Watcher" by someone calling himself Mordaxus.
Mordaxus didn't care for one of my recent FUD Watch columns about fallout over security vendor breaches, which I said was appropriate. [See: Security Vendor Breach fallout Justified]
"Brenner watched the FUD as he spreads it," he wrote. "Spare us the gotcha. How can we possibly trust CSO Online as a supplier of security knowledge when they can't even compose a simple paragraph?"
He then asked why FUD Watch is "creating the very sort FUD they claim to watch?"
I responded in the comments section, thanking him for the feedback and offering him the opportunity to take me to task in a column that could run on CSOonline. We run columns under the banner of "Industry View" and this sort of thing fits the mold.
I haven't heard back from him yet, nor have I gotten a response to an e-mail extending the same offer to tranquilo, keeper of the tactical-it blog.
His gripe concerned an article and podcast I put together a few months back in which Fortify's Brian Chess predicted the impending death of pen testing. [See: Penetration Testing: Dead in 2009]