Scanners

Suto strikes again, or getting the desired results regardless of data

Submitted by Ofer Shezaf on 17 November 2011 - 11:37pm

Larry Suto, who brought us scanner wars 1 and 2, has published research on WAF effectiveness. As usual, Larry’s work is fun to dissect. While Larry’s research is no worse than your average analyst’s work, he does try to base his conclusions on more concrete, pseudo-scientific research, which makes it much more vulnerable to scrutiny.

Why Patents Harm Security?

Submitted by Ofer Shezaf on 7 March 2011 - 8:36am

The social value of software patents, and therefore their validity, has long been disputed. While the popular notion of patents is that they are a method to incentivize innovation, the social contract enacted by patents is more elaborate. Patents are a limited property right that a government offers to inventors in exchange for their agreement to share the details of their inventions with the public. The latter part, which is the value of patents to society at large, is often overlooked by the modern-day patent mega-industry.

Is any security tool perfect?

Submitted by Ofer Shezaf on 9 February 2010 - 10:48pm

Larry Suto, an application security consultant, has published a sequel to his 2007 best-selling research about web application scanners. In the first round Larry managed to ignite quite a controversy and drew a lot of criticism from the losing vendors. The reason is simple: Larry found out that the scanners do not perform as well as advertised.