Re: Immunity Debugger on eWeek

["Isaac Dawson" <isaac.dawson () gmail com>]

I'd say chalk that one up to FUD. I love the "near automatic" commentary,
also it's pretty easy to tell this journalist doesn't really know what they
are saying. The fact that she did not even read that the tool is called
"Immunity Debugger" not Debugger says quite enough for the rest of the
content of the article. Also I bet some people at McAfee aren't too pleased
with the managers response. Why is it journalists always talk to the
managers and not the technical people? Just easier to get a hold of and get
their 2 cents worth? Doesn't he know that Foundstone creates tools to "find
bugs easier", and in fact has many training materials to help people learn
how to find web vulnerabilities?

> > > Marcus said he doesn't think that "the bug exists already" argument is a
good one. "Yes, we know that," he said. "We know the bugs are in the code.
But making more and more tools" to make it easier to find those bugs, that,
he said, is not going to make his customers happy.

"They'll all do this," he said, rolling his eyes to the ceiling. "'Great!'"
<<<

Gold Jerry, Gold.
-isaac




On 8/6/07, Hybridus <hybridus () gmail com> wrote:
> http://www.eweek.com/article2/0,1895,2166829,00.asp
>
> <>What it means is more zero days, Marcus said. "And that's certainly
> not a good thing.(Why?) I think you'll see a spike in zero days, and
> contributions to the zero-day initiative, because it makes it easier
> to find vulnerabilities.</>
>
> Vulnerability is already out there, people/tools don't create them.
> I don't understand what's the matter with zero days..
>
> --
>
> --
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave