Educause Security Discussion mailing list archives
Re: [External] Re: [SECURITY] Malware Bytes
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Thu, 5 Nov 2020 12:45:11 -0500
On Thu, Nov 5, 2020 at 12:29 PM Weissbohn, David <dweissbohn () govst edu> wrote:
While I understand that these questionnaires can be a pain, any vendor who pushes back on completing one is an immediate red flag. Depending on how hard they push, I would not waste my time with them and instead find a vendor who is willing to cooperate. I’d be more concerned with their attitude towards cooperation than actually having the full HECVAT.
Aye I'm with David on this one. A HECVAT with less-than-perfect answers versus flat-out refusal to complete it is going to be a significant tell about the relationship you're going to have with that vendor. A HECVAT is a bit like pizza for me -- even a bad one is better than none. That said, I also appreciate the liability it puts on any vendor who formally recognises "we really should be doing <x> - but we don't because we can't be arsed with doing things the right way"... kmw ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Malware Bytes Menne, Michael S (Nov 05)
- Re: Malware Bytes Weissbohn, David (Nov 05)
- Re: [External] Re: [SECURITY] Malware Bytes Kevin Wilcox (Nov 05)
- Re: Malware Bytes Weissbohn, David (Nov 05)