As per the press release, "McAfee, Inc. ... today announced that Foundstone Professional Services will launch a series of free tools that teach developers, programmers, architects and security professionals how to create more secure software. The tools will also review the root causes of increasingly prolific crimes such as e-shoplifting, session hi-jacking and identity theft." The tools take the form of actual applications written in a variety of languages and platforms, so as to "replicate interconnected real-world application scenarios including travel, banking and shipping, each written in a different programming language, to demonstrate the potential cross-platform risks to a business' own applications, and those they are connected to."
One of the apps, Hacme Shipping, is a "Web based shipping application written in ColdFusion MX7, using the Model-Glue framework and MySQL database."
It's good to see ColdFusion recognized as a legitimate platform, along with the others to be included.
Glad to see you noticed the release!
CF is absolutely a legitimate platform and one that we see during our engagements along with J2EE, .Net and other platforms. As a long-time CF developer I was happy to be able to help Foundstone deliver this application as part of the Hacme suite of tools. Let's hope people learn from my "mistakes" in HacmeShipping. (As an aside, it's extremely difficult o write flawed code after working on security for so many years!)
-Purr