Several other contributors have made the same or similar comments, but I'll just throw in my .02 as well:

I regularly read /., Security Focus, and the SANS reading room, not to mention the security specific areas of several coders' websites. I subscribe to two security bulletin mailing lists, plus Counterpane News. I regularly read two security related usenet groups. Purchasing conference proceedings is a bit steep for my budget so I often make a trip to the closest university library to borrow new editions when they come out. I have an active fascination with all things security, and I am a coder by profession.

Yet this article was the first time I've ever heard of Sardonix. If I had heard of it, I believe I would have been a regular contributor (modulo the demands of work).

I believe this project failed because of a total lack of publicity. One commenter suggested that the whole thing may have been a scam to get government money. That's obviously wild speculation, but I do think the government should subject this project to a fairly hostile audit, with a view to trying again but doing it better.

One issue that perhaps might be worthy of detailed examination, not only for this project but in general, would be identifying the sources of information by which information security professionals find out what is going on in the field.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/7947/24798#24798