lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: andrew at generator.co.za (Andrew Thomas) Subject: openssl exploit code (e-secure-it owned) Comments inline... ----- Original Message ----- From: "hellNbak" <hellnbak@...c.org> To: "Andrew Thomas" <andrew@...erator.co.za> Cc: "Erik Parker" <eparker@...dsec.com>; "Arjen De Landgraaf" <arjen.de.landgraaf@...ogic.co.nz>; <full-disclosure@...ts.netsys.com> Sent: Wednesday, September 18, 2002 5:32 PM Subject: Re: [Full-Disclosure] openssl exploit code (e-secure-it owned) > > Or maybe you'd be willing to pay for another admin to work half-day to keep > > up with the lists. Again, I wouldn't. I'd rather split the costs with ... > Some companies do exactly this. It depends on your organization size and > security budget. If the "service" is going to cost you an arm and a leg > to implement and use is it not worth it to hire a junior security resource > instead? Definitely. Agreed on all costs. My example being from an historical situation that I found myself in, with a bit of poetic licence to make the point of the devils advocate. > > Or what am I missing here? > > There are free alternatives to giving these guys your money. I definitely missed that :) Would you care to give me pointers to these services? Regards, Andrew
Powered by blists - more mailing lists