December 3, 2003

Sanctum and SPI Dynamics Web App scanner shoot-out

Starting to look at web application scanners. January 2003 - Wide Open on Port 80 - How good are Web app scanners at rooting out vulnerabilities? We test two of the leading tools head-to-head to find out. This review of the two leading ones is interesting. It leaves something to be desired though. I understand network vulnerability scanning: you have lots of standard devices in lots of places. With web apps, each one is a custom app. There are logic errors. There are specific features, like the distorted numbers/letters (CAPTCHAs) put there specifically to thwart bots from driving the app. You gotta have some human intervention.

November 13, 2003

New CSO council of heavyweights

Looks like some serious companies are getting together to pow-wow about security. New CSO Council A good place for start-ups to go a'call'n.

October 9, 2003

New SANS/FBI top 20 vulnerabilities

Read 'em and weep...SANS Top 20 Vulnerabilities - The Experts Consensus

September 2, 2003

The virus that is GNU

GNU's Not Unix! - the GNU Project and the Free Software Foundation (FSF) has created a virus that threatens the entire software world. It is the GPL. Linking to GPL'ed code can make your code part of it, and therefore you do not have much IP protection. This is bad for all software developers. My friend Troy sent a good link to a well-thought-through thread on the subject:

One of the lists I skim, cni-copyright, covered the GPL in pretty good
.. then search for: Open Source Licensing

I'll let the thread stand by itself except to say that the FSF's enforcement of the license has been very consistent and at least *their* intent is very clear. Can't comment about anyone else's intent.


