http://www.itworld.com/security-testing xx http://www.itworld.com/security/72334/vulnerability-disclosure-it-blackmail-whitemail-or-bluemail Hackers (or security researchers) come with a range of rainbow colored hats. Some guys'n'gals are nice (the White Hats). They find and disclose problems in communication products using approved responsible disclosure models. Others are in the business for money, and are not satisfied by the fame they get for disclosing problems. The process can easily get close to what some would consider unethical, or even direct blackmailing. http://www.itworld.com/security/72334/vulnerability-disclosure-it-blackmail-whitemail-or-bluemail#comments Career Security Software Opinion security research security testing vulnerabilities Thu, 23 Jul 2009 16:25:21 -0400 Ari Takanen 72334 at http://www.itworld.com http://www.itworld.com/security/64502/fuzzing-and-product-security Finally, some real data on the usage of fuzzing is emerging. Who is using fuzzing? How do people see fuzzing being used in the product security process? Forrester has included questions regarding use of fuzzing in to their questionnaire that they send to key industry CIOs, CSOs and CISOs. Security companies such as Cigital are publishing their findings. I have talked with these organizations and will be discussing my findings in this blog and the upcoming webinar. http://www.itworld.com/security/64502/fuzzing-and-product-security#comments Security Best practice analyst fuzzing penetration testing QA research security testing Wed, 18 Mar 2009 04:40:30 -0400 Ari Takanen 64502 at http://www.itworld.com