Comments on Jeremiah Grossman: Web Application Security Professionals Survey (Dec. 2006)
Blog author: Jeremiah Grossman (http://www.blogger.com/profile/05017778127841311186)
Comment feed last updated 2024-02-08T03:44:23.780-08:00; 6 comments, shown oldest first.

Anonymous, 2006-12-14 14:16 -08:00:

I especially like the addition of the bonus question.. it's interesting to see a single thought from each of a bunch of sec experts. Although it leaves me itching to know who thought what ^^"

Most results I could've guessed, but I'm a bit disheartened over the lack of love for full disclosure :T .. maybe a question like 'how do you feel about full disclosure?: helps fix holes faster, only helps the bad guys, should be illegal, don't care' would give more sympathetic results (or worse?)

Please keep up the surveys, it's a valuable insight .. also, for those picking 'Other - Please Specify' can you add the details that are significant if any (for future surveys)

Jeremiah Grossman, 2006-12-14 15:38 -08:00:

Yah, the bonus question turned out more interesting than I thought it would.

I'll think about how to re-ask the disclosure question and dig a little bit deeper into the opinions of the crowd.

And I'll definitely be keeping the surveys going. They're fun! And normally when I get too many "other" answers, it means my answers sucked. I'll work on that.

Anonymous, 2006-12-14 16:42 -08:00:

The people who answered that they ran into WAFs half the time have probably tested two sites (one of them had a WAF). Come on!
I mean they might be there but they aren't stopping much.

Anonymous, 2006-12-15 13:45 -08:00:

By the way, what did the breakdown look like of the number of people that answered #8 versus #9?

Jeremiah Grossman, 2006-12-15 13:53 -08:00:

Thanks maluc, forgot to put that in there. Updated.

8) 36 respondents - 57%
9) 27 respondents - 43%

Anonymous, 2006-12-17 05:09 -08:00:

>> Quote: "About half of people using commercial scanners say scanner complete about half or less of their workload. The other half of people who don't say assessment are faster to do by hand, have too many false positives, or too expensive" -

This reminds me of something that Bilbo said in LotR:
"I don't know half of you half as well as I should like; and I like less than half of you half as well as you deserve"