
January 22, 2008


Joel Esler

It's been 20 years, and virus writers still write the same viruses.


So in 15 years or so (bringing us to 20) Web Applications will be 100% bug free since we now have Web Application scanners that are regularly updated?


@ Kingthorin - Nothing in the text I wrote above has anything to do with "bugs".

My point was that Anti-Virus vendors chose the path that made them more money, instead of the path that makes more sense and is more secure.

Sadly, Anti-Virus consumers embraced this bad methodology (signature-based security)...


@ Ory I know you didn't say anything about Bugs. I was likening your point about AV to Web App Scanning technologies.

Since the two technologies are so similar, what do you feel Watchfire/IBM is doing to prevent the same from being said about Web App Scanners in 15 years?

How things stand now, I see Watchfire/Cenzic/SPI all having the same thing said about them in 15 years.
