| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <003101c25f24$e9dc5e70$c700a8c0@Mandie> From: andrew at generator.co.za (Andrew Thomas) Subject: openssl exploit code (e-secure-it owned) Hi, A few comments I believe are in order. Firstly, Erik has a point with regards to securing your own boxes. If they're not secured tightly, why should a company trust information proporting to come from you? Secondly, I had a look at the business proposition that Arjen's group is now following. I though it was a valuable service and I still believe it is a valuable service. Time=money, and perhaps you might be willing to take on an admin job that requires +-8 hours a day, plus spend an additional 2-3 hours a day keeping up with mailing lists in your own time, but not all are. Or maybe you'd be willing to pay for another admin to work half-day to keep up with the lists. Again, I wouldn't. I'd rather split the costs with several other companies and keep my admin up to date with information relevant to our internal architecture. I don't want to pay for my staff to spend hours a day staying current with vulnerability information on AIX/HPUX/Linux, when we're running a FreeBSD/Solaris shop. Or what am I missing here? Regards, Andrew
Powered by blists - more mailing lists