| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4F0D9F5E.7090907@oneechan.org>
Date: Wed, 11 Jan 2012 08:40:30 -0600
From: Laurelai <laurelai@...echan.org>
To: Ferenc Kovacs <tyra3l@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Rate Stratfor's Incident Response
On 1/11/12 8:39 AM, Ferenc Kovacs wrote:
>
>
> Because the ones with the so called ethics either lack the technical
> chops or lack the enthusiasm to find simple vulnerabilities. Not very
> ethical to take a huge paycheck and not do your job if you ask me.
>
>
> If the only thing missing to secure those systems was somebody being
> able to use sqlmap and xss-me, then that could be fixing without
> hiring people who already proved that they aren't trustworthy.
> from my experience, the lack of security comes from the management,
> you can save money on that (and qa) on the short run.
> so companies tend to hire QSA companies to buy the paper which says
> that they are good, when in fact they aren't.
> most of them don't wanna hear that they are vulnerable and take the
> risks too lightly.
> if they would take it-security seriously it simply couldn't be owned
> through trivial, well-known attack vectors.
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
:D at least one person here gets it.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists