lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: andrew at generator.co.za (Andrew Thomas)
Subject: openssl exploit code (e-secure-it owned)

Hi,

A few comments I believe are in order.

Firstly, Erik has a point with regards to securing your own boxes. If
they're not secured tightly, why should a company trust information
proporting to come from you?

Secondly, I had a look at the business proposition that Arjen's group is now
following. I though it was a valuable service and I still believe it is a
valuable service.

Time=money, and perhaps you might be willing to take on an admin job that
requires +-8 hours a day, plus spend an additional 2-3 hours a day keeping
up with mailing lists in your own time, but not all are.

Or maybe you'd be willing to pay for another admin to work half-day to keep
up with the lists. Again, I wouldn't. I'd rather split the costs with
several other companies and keep my admin up to date with information
relevant to our internal architecture. I don't want to pay for my staff to
spend hours a day staying current with vulnerability information on
AIX/HPUX/Linux, when we're running a FreeBSD/Solaris shop.

Or what am I missing here?

Regards,
  Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ