> Rather than see "take a blindfolded shot at the system"
> firewalls tests, I'd rather see: "here is a detail of our design,
> take it and study the exact configuration you will be attacking
> and come back in a week with testing tools" approach. Anything
> else is security through obscurity, and hopefully we've learned
> that that's not very good.
So how about doing the Firewall industry equivalent of the NFS industries
week-long Inter-Op conference. No marketing weenies allowed, just technical
people from each participating vendor attacking each others machines to
help improve the industry. No technical results will be published.
If some vendor just wants free development help, don't help. Just
point out to each other the weaknesses found.