Fred Cohen asks about the difference between SNS and Sidewinder...
First, they are completely independent and separate developments. A
bug in one doesn't necessarily imply a bug in the other. The
specification documents are completely different.
Second, there are a bucketful of government contractual issues that
keep us from using the same testing on both systems. You risk a jail
cell if you use stuff developed under government contract without
Third, lots of the "security testing" is in fact tests of internal
interface specifications. The two systems are miles apart at that
level. For instance, they have somewhat different sets of type
enforcement permissions, so the type enforcement testing is completely
Mundane tests of external behavior like SATAN are run against both.
We built some of our own, too, of course.
com roseville, minnesota