January 31, 2007


Welcome to Hackistan.

Be sure to check out the Dictator's Blog as he battles Fortify Software.

Posted by Abner at 01:51 PM

January 30, 2007

NY Times on the "Market" For Software Vulnerabilities

NY Times has an interesting piece today on the "market" for software vulnerabilities. Market is in quotes since there are a limited number of open market buyers and the vulnerability market is one of the few where the seller has to make a decision between selling to a good guy or bad guy. Layer in the used car effect where the vulnerability finder may have a better view of the capabilities of a new exploit than the buyer (assuming an exploit exists) and the vulnerability market is clearly an inefficient and scary place. Finally, vulnerabilities used to trade primarily in publicity currency, but now there are places where they can be sold, albeit not for enough to equal the average salary of a high end security researcher at any of the major IT or security vendors.

Posted by Abner at 10:17 AM

January 11, 2007

Not marketing security, marketing *during* security

Coming to an airport near you: advertisements in the bins they run through the X-Ray machines.

The only messaging I've seen done well in these lines is the movie the Las Vegas airport shows with movie characters demonstrating how to keep the line moving. Right, and then the guy who sings a similar set of show tunes in San Francisco.

The company pitching these is called Securitypoint Media.

Posted by Abner at 11:40 AM