Message-ID: <optid.1753de7823.58DB1B68E62B9F448DF1A276B0886DF11C6C6399@EX2010.hammerofgod.com>
Date: Mon, 17 May 2010 18:08:20 +0000
From: "Thor (Hammer of God)" <Thor@...merofgod.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Windows' future (reprise)

>Is my business at risk, if I
>say the wrong thing, and my customers go out of business because
>their hardware/software combination is no longer viable?  I imagine
>these questions are on the minds of many IT managers, and with a
>chart on the wall showing 243% mutation, it is only reasonable that
>they be asked.
>
>Stu
>
>---
>Stuart Udall
>stuart at () cyberdelix dot net - http://www.cyberdelix.net/

In business, you are always exposed to some level of risk when you charge for professional services.  That's why you carry various business insurance policies should you engage in a project in which you are responsible for some level of loss on behalf of your client.  $5 million in E&O is typical, though I've seen as little as $1 million as a requirement.

Given that malware and virus mitigation is a systemic issue, I doubt you could be held responsible for a company "going out of business" because an AV program made their hardware and software unviable.  However, when you make public posts to a mailing list that is replicated worldwide about how you are consulting for a business that purchased a $24,000 .net application (or whatever it was) but then go on to say how you know absolutely nothing about .net, I do think you are opening yourself up for legal action should the company have issues (which, they probably will) and there is basically "proof" in your own words that you are unqualified to do the work.

I know my way around different .nix installations a bit.  I can make stuff run, and I'm actually quite good at screwing up a kernel rebuild.  However, I don't trust myself to set up a secure unix installation; certainly not to a point that I would provide professional services and bill clients for.  If I were to do that, I would (and should) be held liable for damages arising out of errors I am responsible for.

The "right" thing to do here, from a business and ethics standpoint, is to subcontract a .net professional who can represent you properly.  The job will get done properly, you will make money, and your customer will be happy.   You're in London, right?  Call up some guys at NGS and see if they can help you.  There are some really good people there.

t

