After days of cringing as these emails come through, I am going to chime in briefly.
If there is such a glaring hole in the Coldfusion platform, and there is a need for it to be filled, is there an obvious business/product opportunity here? The Coldfusion ecosystem is large, and as the title suggests, has a really, really long tail. (Says someone who finally shut down his last Coldfusion 5 system last calendar year) Would you people that think it needs work be willing to define the require functionality you think is missing? As in specific vulnerabilities, and suggestions for how to test it? I am sure there are solid developers here who, if they saw a compelling reachable product, might jump on this. And if it turns out to be doable and cost effective, i would also bet that Adobe (or one of their competitors, or both) might purchase that technology and bundle it in future versions. I am picturing a 2-fold system. A web-based "scan for common vulnerabilities from outside", and a more detailed "scan the system from inside". (There are a number of comparable systems out there. WordPress security scanners being a recently-in-mind example) Thoughts? I think a little more on-topic, a little less on-people would be nice. Jerry Milo Johnson ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358172 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
