[WEB SECURITY] Webappsec Vendor Directory

Arian J. Evans arian.evans at anachronic.com
Wed Apr 9 15:32:01 EDT 2008


You are such a darn smart chap, Andrew. Always ahead of me.

I was just about to send an email to this list this morning
asking someone to do this very thing. I refrained because

We should make it clear it's not a "PCI or *advertising
approved* vendor list, but I think this is a good idea.

I'd really love a voting or recommendation system. There's
ways to ensure non-gaming systems (count anonymous
as 1/10th point; require registration and disclosure of
employer or affiliations; enough info to verify identity, etc.).

There's plenty of new folks looking for reasonable services
that simply have no idea where to begin.

Like the OWASP Tools list I started years ago, a vendor
directory, especially if we could *categorize* services
offered, would be GREAT.

IMHO

-- 
Arian Evans, software security stuff

reformed hacker turned animal rights activist to meet vapid chicks concerned
with those tasty animals


On Wed, Apr 9, 2008 at 11:15 AM, Andrew van der Stock <vanderaj at greebo.net>
wrote:

> Hi there,
>
> ** Full disclosure: I work for Aspect Security. This is why I have
> refrained from publicly posting as it is a conflict of interest. I am
> walking a very fine line here. With this post, I aim to represent you,
> the webappsec reader in this matter, not my employer nor myself. **
>
> The thread on web app sec companies highlights several issues: it can
> be tricky to find them - so a directory is needed, but some folks have
> mixed experiences with some companies whilst others love their
> favorite vendor, and some folks will post on behalf of their employer
> without disclosing that. The responses so far show all of these
> attributes. This list is not an advertising service, so I will make it
> as vendor neutral as possible.
>
> I will be rejecting any further posts to this thread beyond the ones I
> had in my queue. The only exception to the approval to that thread is
> for company representatives who feel they need a right of reply to a
> post that takes a shot at them.
>
> Instead, to make it fair to all webappsec vendors whilst helping out our
> readers, I will:
>
> * Collect all the responses with company names and publish them here
> in one single list Friday next week. If you're in this business,
> please mail me privately (see my address in the headers) and I will
> add your details to the list. You have until Thursday 17th of April to
> do this.
>
> * Ask Security Focus if we can make that into a FAQ entry on our
> mailing list page. Most likely that will not happen as a) the list is
> supported by one of the companies mentioned, and Security Focus itself
> is owned by Symantec, who through their @stake arm do this sort of work.
>
> * Ask OWASP and WASC to re-publish the same list as a business
> directory on their respective web sites, but most likely that will not
> happen as OWASP is about vendor neutrality, and WASC is made up of
> many of the vendors mentioned so far.
>
> * If neither FAQ entry comes to pass, I'll make a post on my blog. But
> that's an absolute last resort as my blog is in the outer arm of the
> blogosphere, and the information will become stale.
>
> thanks,
> Andrew, your friendly moderator
>