RE: calling all software security tool vendors/freeware/open source project leads

From: Evans, Arian (Arian.Evans_at_fishnetsecurity.com)
Date: 03/14/05

  • Next message: Jeff Moss: "Black Hat Briefings & Trainings: Registration now open!"
    Date: Mon, 14 Mar 2005 15:43:24 -0600
    To: "Kyle Quest" <Kyle.Quest@networkengines.com>
    
    

    Kyle, the big answer is: [comments inline]

    > -----Original Message-----
    > From: Kyle Quest [mailto:Kyle.Quest@networkengines.com]
    > Sent: Sunday, March 13, 2005 2:04 PM
    > To: Evans, Arian; secprog@securityfocus.com;
    > Subject: RE: calling all software security tool vendors/freeware/open
    >
    > the big question is... why would people want to drop everything
    > and run... like puppies... just to participate in what seems
    > to be somebody's commercial project.

    1. _The_reason_: I am going to provide and maintain a list of tools
    related to finding and fixing flaws in application security (code).
    I am going to cover the who, what when, where, features, etc.

    This list will be maintained on www.owasp.org. It will be comparable
    to the SANS tool list (not linked because it's worthless) or Talisker's
    tool list (http://www.networkintrusion.co.uk/). It will be more
    focused and hence (hopefully) more detailed/useful.

    I would think a vendor would want to be listed. To ensure they are
    listed they should contact me. The way you phrased your response makes
    you sound as paranoid of people with agendas as I am. ;)

    2. This project is not vendor driven. It is a personal project,
    started on my own time and largely done on my own time. I will
    host it using someone else's bandwidth where possible.

    If necessary I would host this on my personal website; luckily,
    organizations like OWASP have expressed interest in this.

    3. No one needs to drop anything including puppies to participate.

    In fact, I am very much not a fan of puppy dropping.

    I am BCC'ing secprog, vuln-dev, SC-L, and webappsec again to
    avoid needless cross-pollination.

    -ae


  • Next message: Jeff Moss: "Black Hat Briefings & Trainings: Registration now open!"