It's kind of hard to admit that your current strategy leads to a dead end… Hard, but liberating.
I initially started this blog because I was searching for a way to sort through an insane amount of tools I collected over the years - so we can all weed out the irrelevant and stick with what works.
Obviously, things got a little complicated, and after doing double shifts and spending half my nights over the past 4 years on comparisons, I realize now that I only covered 60-70 tools.
Sure, I had a good reason to do so - learning curve, comprehensiveness, accuracy, credibility, evolution… but the numbers don't lie.
As much as I like the idea of a one man army, the current rate is NOT what I expected, and to achieve something greater, I'll need to get some resources and some help (yeah yeah, mental too).
Nope, that DOES NOT mean that I'm about to stop any of my planned activities, researches or benchmarks. Giving up is for wusses.
It does mean, however, that I'm going to make some changes that will enable me to cover more, even if I have to make some decisions I was dreading and trying to postpone.
So what I'm planning for 2013 is to branch out and cover additional types of tools & products, in addition to vulnerability scanners.
That means updating WAVSEP with some hybrid issues, becoming less of a control freak, let go the leash I was so inclined on keeping, and probably even creating additional comparison platforms.
Yep… b a c k t o w o r k.
I recently found your blog, especially the posts that talk about vulnerability scanners. This study is very valuable and looks like a kind of reference to me. Thank you so much for that. Right now I am trying to choose a security tool. For that I am collecting many inputs (your blog is definitely one of them) in order to make a pertinent choice. Since you are about to release the 2013-14 web application scanner benchmark, I was wondering if it was not too late to include it. Well... maybe you already have it in your list? During my research I found the scanner "Seeker" from "Quotium" could be a solution to study. This was confirmed by several channels.