The ORB Project is planning to release its first whitepaper during Q1 2008.


The ORB Project has been spoken about at various industry events and conferences, including:

Tom Stracener & Marce Luck, "Hacking the EULA: Reverse Benchmarking Application Security Scanners," Defcon, 2007. [download]

Tom Stracener, "Reverse Benchmarking," Toorcon 9, 2007. [download]

Tom Stracener, "Session Management Security and Applied Reverse Benchmarking," OWASP Appsec 2007, [download]


The ORB Project is in an early stage of development and plans are underway for several projects and initiatives beginning in 2008. The first of our projects to come online will be the mailing list, open to anyone in the security community with an interest in reverse benchmarking as a methodology. We expect to have the mailing list up and running soon, and we will likely go through a third party hosted list-serv. More information about the projects below, including their status, will be made available by Q1 2008.