
‘Unraveling SCADA Protocols’ at Defcon15

Not like it’s a topic that needs any more attention, but I thought I would share some opinions from some attendees who gave me a call right after the talk was over. Within the first two minutes Ganesh and Tipping Point/3Com revealed that they would not be releasing the tool as it would “make some people mad” and that he also received pressure from blogs and mailing lists not to do so. No vendor names/applications or bug release information (schedules/dates) were mentioned, not even a total number of unnamed applications that were tested, as Lluis responsibly mentioned at S4.

Sulley was released some days before at BlackHat and no SCADA protocol test cases were released. One bug crash was shown, but the application was hidden; however, sources recognized it as a popular Modbus client. The talk was summarized as very similar to the YouTube link that Dale provided in his thoughts, minus 5 or 6 slides that showed some protocol layout images.

I heard the largest disappointment was the crowd, who kept asking questions in regard to ZDI and making comments on how vulnerable SCADA systems are, how vendors don’t make patches (or care), and how the sky is falling in the SCADA community. The talk was purely for marketing and provides no benefit to the community in terms of improving SCADA security. My thoughts are that Tipping Point/3Com is yet again trying to win a big contract with another Fortune 500 in the energy/utility space and thinks that their customers tossing “Tipping Point AND SCADA” into Google will be enough.

Comments

Comment from Byron Sonne
Time: December 8, 2007, 6:34 pm

Ganesh has mentioned that the software attacked in the presentation was from Automated Solutions Inc. http://www.automatedsolutions.com/

A discussion of the vuln is apparently here: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4827
