Penetration Testing mailing list archives

[PEN-TEST] Ethics Scenario

From: "Christopher M. Bergeron" <ChrisB () HGSS COM>
Date: Mon, 2 Oct 2000 13:43:43 -0400

Here's a scenario that I'd like to get peoples' input on:

A) Our company does pen-tests, security auditing etc...
B) Our team finds a vulnerability/hole on a website just by poking around / using the site.

The question is this:
Do we tell the website company who we are and that we have discovered a vulnerability and then offer to provide them 
assistance with the vulnerability (for pay of course).  i.e. offering them a full pen-test or an IDS or something...?


Or does this tend to fall into the "chasing ambulances" type of business marketing strategy?

Current thread:

[PEN-TEST] Ethics Scenario Christopher M. Bergeron (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Edward Mitchell (Oct 02)
- Re: [PEN-TEST] Ethics Scenario SM (Oct 02)
  - Re: [PEN-TEST] Ethics Scenario Erik Tayler (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Erik Tayler (Oct 02)
- <Possible follow-ups>
- Re: [PEN-TEST] Ethics Scenario Dunker, Noah (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Steve (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Tonick, Mike (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Gallicchio, Florindo (2282) (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Darryl Rathbun (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Spy Fox (Oct 02)