[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <006b01c25f58$b9fde460$c700a8c0@Mandie>
From: andrew at generator.co.za (Andrew Thomas)
Subject: openssl exploit code (e-secure-it owned)
Comments inline...
----- Original Message -----
From: "hellNbak" <hellnbak@...c.org>
To: "Andrew Thomas" <andrew@...erator.co.za>
Cc: "Erik Parker" <eparker@...dsec.com>; "Arjen De Landgraaf"
<arjen.de.landgraaf@...ogic.co.nz>; <full-disclosure@...ts.netsys.com>
Sent: Wednesday, September 18, 2002 5:32 PM
Subject: Re: [Full-Disclosure] openssl exploit code (e-secure-it owned)
> > Or maybe you'd be willing to pay for another admin to work half-day to
keep
> > up with the lists. Again, I wouldn't. I'd rather split the costs with
...
> Some companies do exactly this. It depends on your organization size and
> security budget. If the "service" is going to cost you an arm and a leg
> to implement and use is it not worth it to hire a junior security resource
> instead?
Definitely. Agreed on all costs. My example being from an historical
situation that I found myself in, with a bit of poetic licence to make the
point of the devils advocate.
> > Or what am I missing here?
>
> There are free alternatives to giving these guys your money.
I definitely missed that :)
Would you care to give me pointers to these services?
Regards,
Andrew
Powered by blists - more mailing lists