Penetration Testing mailing list archives

Re: Insurance


From: Howard518 () aol com
Date: Wed, 27 Nov 2002 17:52:43 -0500

Whilst the Company wants assessments and Penetration tests, it's down to the Supplier providing the Service of 
penetration testing to make sure that the client sees a Conformity Letter stating that whilst the Supplier is providing 
the penetration tests, the supplier will not be liable for any acts towards the systems they are pen-testing. The 
client must sign this as part of the proposal deal; if they don't, it's down to the supplier if they want to proceed 
with the assessment knowing they could be liable. As we all know, even when not attaching any testing equipment or even 
touching the infrastructure, the client will always point the finger at you when something goes wrong.

Big Blue, when generating proposals, make sure that the client signs a non-disclosure and "get out of jail free letter" 
in case of problems such as penetration (hacking) testing.
