From: mvp at joeware.net (joe)
Subject: Web sites compromised by IIS attack

Heck I wouldn't mind seeing that in just electrical, natural/propane gas,
and water services. Delivery of those products is considered a service.
Getting that in software is a pipe dream if you can't get it in core
services aka utilities such as the ones listed which are considered
"critical".  

I also happen to disagree with your conclusion. I think you would find that
the software service providers would be more focused on setting up rules
under which they will offer you an SLA in terms of what hardware, what
software, who modifies the machine. I have been in the computer support
industry in various ways for quite a while and almost always working with
SLAs. Quality isn't the big thing you see in SLAs, it is holes to get out of
having to perform to the SLA level. Dragging lawyers into the software arena
is not going to help anything. You want to drag lawyers somewhere, consider
some place wet and deep. The legal world is not, in my opinion, making this
a better world to live in. Just more lawsuit prone. 

  joe



-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Gilbert Pilz
Sent: Thursday, July 01, 2004 9:52 PM
To: FULL-DISCLOSURE@...ts.netsys.com
Subject: RE: [Full-Disclosure] Web sites compromised by IIS attack


 With a "software as a service model"
*combined* *with* measurable and verifiable service level agreements (where
breaching the agreement results in refunds or other financial penalties) I
think you would find that the service providers would be much more focused
on quality and security because they have a direct financial interest in
making sure the service remains up and operating correctly.


