From: keydet89 at yahoo.com (Harlan Carvey)
Subject: Top 15 Reasons Why Admins Use Security Scanners

And you know something, Chris...that's fine. Really.

I just left a position in the private sector w/ a company that was audited over a dozen times a year by various customers. Even their external auditors (ie, *not* customers) were clueless when it comes to IT or security. One audit did include a knowledgeable security professional on staff...but just one.

But there's also another way to look at the original comment...security is a process. Running a vulnerability scanner isn't a process...it's a point-in-time check, a snapshot. A good IT security auditor won't focus on the fact that certain systems have vulnerabilities...he or she will focus on *why* they have the vulnerabilities.

> I believe many true IT Security Auditors out there
> would agree that you're wrong on this one.
>
> > -How will I ever pass my IT Security Audits?
> >
> > Don't worry about it...most audits don't seem to have
> > an IT background, and even when they do, they don't
> > take the time to understand your business processes or
> > your network infrastructure.