DISQUS

PaulM · 2 years ago

"On the other hand, even a stopped clock, etc, etc: most people in the trenches would say 70% is a lowball estimate."

My sentiments exactly.

I happen to agree with the point Snyder is trying to make, which is that there's a disconnect between scanner findings, app-level vulnerabilities, and actual data booty - a point that is missing from Acunetix marketing stunt for obvious reasons. But in trying to stunt on their stunt, he's let himself get backed into a corner, and the outlook's not good. Either he backs off, or he and McNamara are going to be in hot water with IDG's CISO and legal team. This will be a fun one to watch.

Dave G. · 2 years ago

I think it is actually worse than that. While I am sure they were just loose with language, by offering money to have Acunetix break into someone's website to retrieve credit card information, I am reasonably sure they have committed an illegal act themselves. Of course, I am not a lawyer...

dre · 2 years ago

If Acunetix doesn't win, can I get 1k if I binary patch it to find the required criteria? I don't use web application vulnerability scanners, but I know for certain that it is capable of finding this sort of information very easily. I have seen plenty of these exact findings from people using SPI and Appscan...

If Acunetix does win, I suggest they call the FCC and have them fine IDG to a tune of a few hundred thousand to million dollars for allowing personal information to be stolen from their website.

John Tibbs Jameson · 2 years ago

Did anyone realise that Network World deliberately removed postings of Acunetix from its website?

True they are a vendor but isn't this beyond journalism, our right to know what is truely happening and the constitutional right to free speech?

Network World have lost a loyal customer and Acunetix have gained a new one!

http://www.acunetix.com/news/acunetix_reveals_d...