Dailydave mailing list archives

Re: Re: Hola from G-Con


From: "Matt Hargett" <matt () use net>
Date: Mon, 24 Nov 2003 13:46:48 -0800

When ISS, Symantec and NAI start hawking patented "block-based fuzzer
creation kits" for 25k, are you going to be pissed? I think it would be
quite a compliment to have a whole industry built around your ideas. I
think we are going to see the same thing with PaX...

If ClickToSecure/Cenzic is any example, $25k is a bit too high for such a
thing other than in a beach head market (and even then it is questionable).
That doesn't even get into the issue of making sure your protocol content
gets the code coverage necessary to uncover the bugs that are hiding a few
states down in a complex state machine, which also became a roadblock. Maybe
the proxy approach solves that problem to some degree, though. I believe the
tools to be very useful, especially when combined with other
methodologies -- it's just making the beach head customers happy enough so
you can break through to the early majority using their references that
makes it scary/unwise for larger companies at this point. In my own mind,
anyways. :)

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

