Dailydave mailing list archives
Re: Re: Hola from G-Con
From: "Matt Hargett" <matt () use net>
Date: Mon, 24 Nov 2003 13:46:48 -0800
When ISS, Symantec and NAI start hawking patented "block-based fuzzer creation kits" for 25k, are you going to be pissed? I think it would be quite a compliment to have a whole industry built around your ideas. I think we are going to see the same thing with PaX...
If ClickToSecure/Cenzic is any example, $25k is a bit too high for such a thing other than in a beach head market (and even then it is questionable). That doesn't even get into the issue of making sure your protocol content gets the code coverage necessary to uncover the bugs that are hiding a few states down in a complex state machine, which also became a roadblock. Maybe the proxy approach solves that problem to some degree, though. I believe the tools to be very useful, especially when combined with other methodologies -- it's just making the beach head customers happy enough so you can break through to the early majority using their references that makes it scary/unwise for larger companies at this point. In my own mind, anyways. :)