Sunday, May 19, 2013

Security Benchmarks & Comparisons – Plans for 2013


It's kind of hard to admit that your current strategy leads to a dead end… Hard, but liberating.

I initially started this blog because I was searching for a way to sort through an insane amount of tools I collected over the years - so we can all weed out the irrelevant and stick with what works.

Obviously, things got a little complicated, and after doing double shifts and spending half my nights over the past 4 years on comparisons, I realize now that I only covered 60-70 tools.

Sure, I had a good reason to do so - learning curve, comprehensiveness, accuracy, credibility, evolution… but the numbers don't lie.
As much as I like the idea of a one man army, the current rate is NOT what I expected, and to achieve something greater, I'll need to get some resources and some help (yeah yeah, mental too).

Nope, that DOES NOT mean that I'm about to stop any of my planned activities, research or benchmarks. Giving up is for wusses.

It does mean, however, that I'm going to make some changes that will enable me to cover more, even if I have to make some decisions I was dreading and trying to postpone.

So what I'm planning for 2013 is to branch out and cover additional types of tools & products, in addition to vulnerability scanners.

That means updating WAVSEP with some hybrid issues, becoming less of a control freak, letting go of the leash I was so inclined to keep, and probably even creating additional comparison platforms.
Yep… back to work.

1 comment:

  1. I recently found your blog, especially the posts that talk about vulnerability scanners. This study is very valuable and looks like a kind of reference to me. Thank you so much for that. Right now I am trying to choose a security tool. For that I am collecting many inputs (your blog is definitely one of them) in order to make a pertinent choice. Since you are about to release the 2013-14 web application scanner benchmark, I was thinking if it was not too late to include it. Well... maybe you already have it in your list...? During my research I found the scanner "Seeker" from "Quotium" could be a solution to study. This was confirmed by several channels.
    source code security
