WebApp Sec mailing list archives

Administrivia: Webappsec Vendor Directory

From: Andrew van der Stock <vanderaj () greebo net>
Date: Wed, 9 Apr 2008 14:15:12 -0400

Hi there,

** Full disclosure: I work for Aspect Security. This is why I have
refrained publicly posting as it is a conflict of interest. I am
walking a very fine line here. With this post, I aim to represent you,
the webappsec reader in this matter, not my employer nor myself. **

The thread on web app sec companies highlights several issues: it can
be tricky to find them - so a directory is needed, but some folks have
mixed experiences with some companies whilst others love their
favorite vendor, and some folks will post on behalf of their employer
without disclosing that. The responses so far show all of these
attributes. This list is not an advertising service, so I will make it
as vendor neutral as possible.

I will be rejecting any further posts to this thread beyond the ones I
had in my queue. The only exception to the approval to that thread is
for company representatives who feel they need a right of reply to a
post that takes a shot at them.

Instead, to make it fair to all webappsec vendors whilst helping out our
readers, I will:

* Collect all the responses with company names and publish them here
in one single list Friday next week. If you're in this business,
please mail me privately (see my address in the headers) and I will
add your details to the list. You have until Thursday 17th of April to
do this.

* Ask Security Focus if we can make that into a FAQ entry on our
mailing list page. Most likely that will not happen as a) the list is
supported by one of the companies mentioned, and Security Focus itself
is owned by Symantec, who through their @stake arm do this sort of work.

* Ask OWASP and WASC to re-publish the same list as a business
directory on their respective web sites, but most likely that will not
happen as OWASP is about vendor neutrality, and WASC is made up of
many of the vendors mentioned so far.

* If neither FAQ entry comes to pass, I'll make a post on my blog. But
that's an absolute last resort as my blog is in the outer arm of the
blogosphere, and the information will become stale.

thanks,
Andrew, your friendly moderator

-------------------------------------------------------------------------

Sponsored by: WatchfireMethodologies & Tools for Web Application Security AssessmentWith the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

Current thread:

Re: Top webappsec testing vendors? WebAppSec Mailbox (Apr 09)
- Re: Top webappsec testing vendors? Jamie Riden (Apr 09)
  - Administrivia: Webappsec Vendor Directory Andrew van der Stock (Apr 09)
    - Re: Administrivia: Webappsec Vendor Directory bugtraq (Apr 10)
- <Possible follow-ups>
- Re: Top webappsec testing vendors? Bill Stout (Apr 09)