December 18th, 2001, 04:58 PM
#1
Junior Member
SpiDynamics WebInspect - Keeping Track of its Users?
I'm posting this here because, for some strange, mysterious reason, the fine people at Bugtraq won't publish my response on their list.... I've tried for 2 days now and decided that it's being rejected... Why, I have no idea, and they have not sent me any rejection confirmation; however, others' posts keep coming, and mine is nowhere to be found....
So alas I have to spread the word myself... Here is the original Bugtraq post... and the full story, SpiDynamics' somewhat weak reply, and my as-yet-unanswered reply are all at the URL at the bottom.... Thank you for your time.
------Cut and paste from SpiDynamics Website------
WebInspect, S.P.I. Dynamic's premier product, is the most comprehensive network-based web application security solution ever designed. It dynamically uncovers well-known static security holes, as well as security vulnerabilities specific to your own custom web applications, working with your existing security software to re-enforce and strengthen functionality. Using patent-pending logic, WebInspect hones in on a new class of vulnerabilities undetected by any other scanner currently on the market.
------End cut and paste from SpiDynamics Website------
Basically it's a vulnerability scanner that you use to remotely test your website for potential security holes. A demo of it is available for download from the SpiDynamics website (http://www.spidynamics.com) for the cost of filling out an information form (and seemingly signing away your privacy).
I've come to the conclusion that SpiDynamics is keeping track of at least what sites you are scanning with their software and possibly much more. What's worse is that there's NO mention of this "Reporting" activity on the part of the software in the EULA (End User License Agreement) that you must agree to before you install their demo of WebInspect. I'm no legal expert or master hacker... but anyone can see that something strange is going on here. And a lead developer from their company even admitted to me on the telephone that "I had found a Bug". The thing is that I personally think it's intentional, and not just some accidental oversight on their part. It seems to me that this is highly illegal, almost to the point of eavesdropping... but like I said, I'm no legal expert, you be the judge... http://www.globalapathy.com/news/default.asp (Read full article here)
-DB
P.S. I've included SpiDynamics' evasive reply and my reply to them on my site.... I think they should change their policy, or face some sort of legal action... Any legal experts out there? What action could be taken?