Farmer developed his first
software suite while he was a
computer science student at
Purdue University in 1989.
Gene Spafford, one of his professors, helped him to start the project. The software, called the
Computer Oracle and Password System (COPS), comprises several small, specialized
vulnerability scanners designed to identify security weaknesses in one part of a Unix operating system. In 1995, Farmer and
Wietse Venema (a Dutch programmer and physicist) developed a second vulnerability scanner called the
Security Administrator Tool for Analyzing Networks (SATAN). Due to a misunderstanding of SATAN's capabilities, when it was first published, some
network administrators and law enforcement personnel believed that
hackers would use it to identify and break into vulnerable computers. Consequently,
SGI terminated Farmer's employment. However, contrary to popular opinion, SATAN did not function as an automatic hacking program that undermined network security. Rather, it operated as an audit on network security that identified vulnerabilities and made suggestions to help prevent them. No information about how security vulnerabilities could be exploited was provided by the tool. Within a few years, the use of
vulnerability scanners such as SATAN became an accepted method for auditing computer and network security. He co-developed the Titan vulnerability scanner with Brad Powell and Matt Archibald, which they presented at the
Large Installation System Administration Conference (LISA) in 1998. Farmer and Venema collaborated again to develop a
computer forensics suite called
The Coroner's Toolkit, and later coauthored
Forensic Discovery (2005), a book about computer forensics. Farmer co-founded Elemental Security with Dayne Myers, and served as the corporation's
chief technical officer. ==References==