Full Disclosure mailing list archives
Re: new pen-test tool!
From: Árpád Magosányi <mag () magwas rulez org>
Date: Sun, 06 Jul 2014 09:31:18 +0200
This looks like a valuable tool. But I would suggest to rethink some of the question of trust metrics, most importantly the first one. Size of the vendor have nothing to do with the level of trust you should have in it. If you have ever worked in a shop which is not at the bottom of the food chain, you will be able to think of vendors with just 10-15 (or even less) employees who are extremely responsive and trustworthy. And you will also have a bunch of stories about big names screwing you despite of high value support contracts (Oracle is notorious for doing that). There are whole countries where big names have no technical competence whatsoever. Yes, they could bring in someone if shit happens, but experience have shown that they won't. I would suggest to ask about the vendor's size relative to your own (not too small, not too big), whether it actually have the competence, and how important is your business to you. And you should look for overtrusting the vendor as well: question #3 is a good start, but what you need is not "similar" product or service, but the exact same. You will not be able to change your mission critical application or enterprise bus overnight, even if there are plenty of software developers and bus solutions out there. What you need is an active pool of developers and operators working on your instance of mission critical stuff continously and seeing each other's work, so they are fully aware that they are interchangeable. (And you should be wise enough to give a high enough profit margin for them.) On 07/03/2014 01:44 PM, Pete Herzog wrote: []
http://archon.thewatchers.net/ISECOM/
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- new pen-test tool! Pete Herzog (Jul 05)
- Re: new pen-test tool! Árpád Magosányi (Jul 07)
- Re: new pen-test tool! Keira Cran (Jul 07)
- Re: new pen-test tool! Jim Credland (Jul 08)