Errata: Forus-P Plagiarism

Fri Jun 10 02:46:18 CDT 2011

On March 22, 2011, Jeremiah Grossman of WhiteHat Security wrote a blog piece tiled Mythbusting: Static Analysis Software Testing - 100% Code Coverage. In the post, Grossman outlined seven reasons why the belief that Static Analysis Software Testing (SAST) is superior to Dynamic Analysis Software Testing (DAST).

Some time before June 5, 2011, a Netherlands-based security company called Forus-P decided to copy a significant portion of Grossman's article for their own. In an article titled "Differences between SAST and DAST", the company wrote their own introduction to the topic by praising their partner's products. The first sentence starts out talking about Armorize CodeSecure and Cenzic Hailstorm. The fifth paragraph mentions Veracode SAST and Cenzic DAST offerings and begins the plagiarism, ending with Grossman's "This belief is a myth."

The next two paragraphs and five sections (down from Grossman's seven) are taken verbatim. Totalling 14 paragraphs, Forus-P does not reference or credit Grossman in any way. At the bottom of the page, they even use their standard copyright (Copyright 2010 FORUS-P). Using his material to market the products and service offerings of their partners is disgraceful; a blatant attempt to profit off Grossman's work.

Grossman brought the plagiarism to light via a tweet in which he reached out to the partner companies. Through backchannel contacts, a sympathizer to Grossman contacted one of the partners to see if they would contact Forus-P and set them straight. Less than 24 hours later, Forus-P's article was removed without comment or correction, and seemingly without apology to Grossman.

(Click to enlarge)

Updated 7-4-2011:

At the time of this article, Forus-P claimed to be a member of the European Network and Information Security Agency (ENISA), who provides a legal notice that reminds visitors to give credit if any of their material is used. Not only did Forus-P ignore that part of the disclaimer, we have since been contaced by Graeme Cooper, Head of Public Affairs Unit, clarifying that Forus-P is not a member of ENISA. We are not sure why Forus-P made this claim.

Once notified of the article infringement, Forus-P removed it immediately. In addition, when ENISA contacted Forus-P regarding the ENISA claim, they removed that as well.

main page ATTRITION feedback