May 27, 2004

Cnet on tools for secure software development

The market for quality assurance software development tools is huge. Performance testing, functionality testing, and more are worth at least a billion and probably more. (I could look it up, but...) However, the market for security-specific QA tools is minuscule in comparison.

Cnet has a decent article on the current state of the market for products that test for vulnerabilities in source code and binaries. Note: the article focuses on a few tools, but misses some of the companies competing in and around the segment - most of whom have at least a tool or two to assist in secure app development.

A more complete list includes:
- @stake
- Aspect Security
- Application Security Inc
- Cenzic
- Cigital
- Core Security Tech
- Foundstone - acquired by McAfee
- Immunity
- Kavado
- MagniFire - acquired by F5
- Metasploit
- Sabre Security
- Sanctum Inc
- SPI Dynamics
- Secure Software
- OWASP (The Open Web Application Security Project)

I'm sure I have left a few out; let me know who else should be added to this list. It's been a while since I was tracking this sector with any energy. Two companies conspicuously absent from this list:
- Rational Software (Now owned by IBM)
- Mercury

May 25, 2004

If you build it, they will hack it

Anyone can unlock a GSM phone!

Threat model for carriers: loss of control over client devices.

Granted, the vast majority of users will never even remove the battery, but classically, fraud has been the primary security focus of carriers - as opposed to trying to prevent denial of service attacks. Perhaps the real threat of unlocked phones comes in the form of increased support costs incurred when the user of an unapproved phone calls for support that customer service reps can't handle.

