Wednesday, March 05, 2008
Announcing Breakathon 2008
So many folks in the blogosphere tend to think about security in terms of the features it provides. Industry analysts will talk about (or not) features such as support for XACML, binding to Active Directory and why ECM applications should store content and not users. What they don't talk about is how these particular applications may be exploited by bad guys, which is the essence of security.
To help along the ECM and BPM community, I have landed on the notion of a breakathon whereby all vendors in this space can bring their software loaded on a laptop and folks will attempt to break it in front of others. The benefit to the vendors is that they will get the services of otherwise paid penetration testers for free, while their customers will develop an understanding of whether the software they procure is truly secure or not.
Of course, the folks breaking software will also get something out of it. It not only becomes a testament to one's profession but also helps others appreciate how weak software really is. Penetration testing firms will also get access to an audience that may be awakened and realize that it truly needs their services. In other words, if you have the right mental model, everybody wins.
I wonder if anyone in the blogosphere has any sense as to which BPM and ECM vendor will not have their software busted. Likewise, which one do you think will go down first and why?