Tuesday, November 21, 2006

Secunia Sponsoring Marketing?

An interesting concept was pointed out by Oliver in Marketing for Security Companies Now Via Secunia.
A great new opportunity for IT security companies which sell products to detect bugs in software automatically (static analysis) - report some vulnerabilities after running your program on a bunch of software applications and feature your own product in the “Provided and/or discovered by” field without ever giving details of the error! The last one is important, never give details! That’s sleek, that’s modern that’s seemingly a new initiative by Secunia to support third party security companies. One of the first to take advantage of this new initiative is GLEG Ltd. from Russia.
[/sarcasm ]"
Indeed, if Secunia is going to accept and document “unspecified errors” as proof of concept for issuing advisories, they are providing a way for discrediting companies without substantiation. It appears that a "word to the wise" may now be required when reading the Secunia advisories.

No comments: