| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <101493C8D3E439448F7A11A6A9FCEFA217488B@NYWEXMB81.msad.ms.com> Date: Fri Feb 17 02:43:53 2006 From: Mark.Handy at morganstanley.com (Handy, Mark (IT)) Subject: Need some advice for a new customer Agree completely. Mark Handy STAR (Security Threat Assessment and Response) -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Peter Besenbruch Sent: 13 February 2006 11:19 Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Need some advice for a new customer > Here's the question: > > Should the company notify their customers of a POSSIBLE compromise of > their data? I have been trying to convince them that they should > operate as though the data is compromised. Is that the right position > to take as a security consultant? What would be the consequence to their business be if the news of compromise came from a third party, and not the business itself? They need to get out front on this. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited.
Powered by blists - more mailing lists