Re: Threat prevention and pro-active open source monitoring

[John Doe <security.department () tele2 ch>]

Am Freitag, 4. Februar 2005 19.59 schrieb Chris Naegelin:
> Can anyone point me in the right direction for any software products or
> vendors that might do this sort of thing:
>
> We want an intelligent agent or a group of agents to search and archive
> various parts of the web / chat rooms / usenet groups based on specific
> content which could be threatening to an organization. To be more precise:
> A discussion initiates on a newsgroup about a possible vulnerability in
> our software product or website. The agent happens to monitor this
> newsgroup and detects the conversation as a potential threat and thus
> creates a report.

I'd say that an _intelligent_ agent would not identify such a discussion as a 
threat to your organisation but tell you to take the discussion as a chance 
to improve your product, since it may be a threat to your customers using 
your (possibly insecure) product.

> I've seen this sort of thing being called "open source monitoring" and may
> even fall under "brand protection" 

Is it possible that you are more interested in suppressing discussions about 
security holes in your software than make it more secure?

> [...]

Just my nooby opinion.