RE: Security Search Engine

["Murda Mcloud" <murdamcloud () bigpond com>]

Hi Saqib,
Couple of thoughts came up
1. excellent idea
2. When you say 'exclude vendor specific' I can see this includes open
source sites/tools/communities? Eg snort/wireshark I guess they're not
really vendors but are still 'competing?' 'co-opeting?'(if there is such a
word).

3. Independent info isn't always 'good' info-I'm thinking along the lines of
amazon's 'reviews' and also I remember a site by a guy named 'Black Viper'
who had a comprehensive list of windows services that could be tuned
according to 'some testing' he had done on his sytem. As far as I could tell
lots of people took his advice at face value and not many people checked out
his methods. I suppose the usual disclaimers apply.
4. Is it just coincidence that securityfocus comes up at the top so often;-)
and are they a vendor-associated site(I know, they have plenty of disclosure
about who they're owned by and I use the place every day and place a fair
amount of trust in what I read there.)
5. also, 'news articles' can often be beat ups for products too(not sure if
they're included-will check in a moment)-I'm trying to think of a specific
example but it's too early in the morning.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Kelly Martin
Sent: Thursday, October 26, 2006 4:32 AM
To: Saqib Ali
Cc: security-basics
Subject: Re: Security Search Engine

Saqib,

Looks like you're using the new Google custom search tool. I think it's 
a good idea and useful. One suggestion: maybe you could include a link 
that lists the sites you've included, so people can see what's being 
indexed and suggest others as well? I like the vendor-neutral approach.

Someone's comment about certain vendors like Cisco having all their 
security documents on their website is a good point, but there may be a 
way to limit a search to just those areas (and not include marketing 
material). Although people looking for Cisco info will likely go 
directly to Cisco anyway, so it may not be needed.

We use an open-source search engine on SecurityFocus. Google does a 
great job with search overall, but one thing I noticed is that they 
don't index mailing list content very well. For that reason we also have 
a drop-down box on our search to limit searches to a specific list or 
area, like SEC-BASICS or BUGTRAQ or all 34 mailing lists. It's not 
always the most intuitive but sometimes a fine-grained approach works 
really well when you're looking for something specific.

Sometimes blogs have useful security info too, what are your thoughts on 
including some of those?

Best regards,
Kelly


Saqib Ali wrote:
> Hello All,
>
> I am building a Search Engine exclusively for the Security and
> eSecurity Community using Google's Coop program.
>
> I would like to NOT include any vendor site but just index sites that
> are vendor neutral. Would this is be a good strategy or not?
>
> The URL for the search engine is
> http://www.xml-dev.com
>
> Any suggestion, or new URLs are welcome.
> Note: I won't include any security vendor website in the index for right 
> now.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------