Message-Id: <20090307235514.4B1822A83@smtp.telenor.se>
Date: Sun, 8 Mar 2009 00:54:07 +0100
From: david <david@....se>
To: Smoking Gun <pentesterkunt@...il.com>, Michael Krymson <krymson@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [SCADASEC] 11. Re: SCADA Security - Software fee's

 

----- Original message -----
From: Smoking Gun <pentesterkunt@...il.com>
Sent: 23 February 2009 17:28
To: Michael Krymson <krymson@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] [SCADASEC] 11. Re: SCADA Security - Software fee's

On Mon, Feb 23, 2009 at 10:26 AM, Michael Krymson <krymson@...il.com> wrote:
>
>
> On Mon, Feb 23, 2009 at 8:57 AM, Smoking Gun <pentesterkunt@...il.com>
> wrote:
>>
> Blah blah gross personal speculation blah...
>
> At any rate, if CEO Cloe decides to hire a pen-tester for $1,000 and gets
> back a scan with some dumpy reports on it (sorry, it's not a SmokingGun
> report that shakes the ground and makes angels weep), where is the real
> breakdown here? Did she not get something in return? Was she underpaying and
> thus getting Crazy Eddie crap? Was her expectation skewed? Or maybe is her
> resultant declaration that her company is fully secure after that scan
> ludicrous?


The real breakdown here comes from Cloe soliciting the services of someone
who is labeling themselves an expert. This whole "Walmart"-style penetration-
tester-in-a-box theme being promoted by underclued individuals and marketed
to the industry is devaluing the work many have worked hard to perfect. Many
have given countless hours, code, write-ups, seminars, you name it. There is
nothing wrong with making a euro, dollar, or baht, don't mistake this, but when
there are mission-critical applications and institutions at hand, that buck
should take a backseat to the security of lives - or did you miss the subject
portion of SCADA Security?


-- 
Making no mistakes is what establishes the certainty of victory, for
it means conquering an enemy that is already defeated. - Sun Tzu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
