Penetration Testing mailing list archives
Re: They will protect me (won't they?)
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Tue, 10 Feb 2009 21:24:42 -0500
Jamie,I understand your perspective but its not the perspective of any well seasoned security professional. The fact of the matter is that that external teams will always identify risks and provide new perspective that you would not get from your internal team. Internal teams get stale. There's a lot more to what I'm saying than what I've just written, but if you read between the lines I hope you understand where I'm coming from.
On Feb 10, 2009, at 5:28 PM, Jamie Riden wrote:
2009/2/9 Adriel T. Desautels <ad_lists () netragard com>:One of my recent thoughts and blog entries...So the other day I was talking with my buddy Kevin Finisterre. One of the things that we were discussing was people who just don't feel that security is an important aspect of their business because their customers don't ask for it. That always makes my brain scream "WHAT!?". Here's a direct quote from a security technology vendor "We don't perform regular penetrationtests because our customers don't ask us to do that."This is probably not a popular view on this list, but I think you can do a lot towards securing a system without doing a pen-test. Obviously, I think vendors do have a substantial responsibility to make sure the systems they sell are easy to secure, and to encourage their customers to keep them secure. But if the security guy at the company fixes everything up without having a pen-test that's fine with me. cheers, Jamie -- Jamie Riden / jamesr () europe com / jamie () honeynet org uk http://www.ukhoneynet.org/members/jamie/
Adriel T. Desautels ad_lists () netragard com -------------------------------------- Subscribe to our blog http://snosoft.blogspot.com
Current thread:
- They will protect me (won't they?) Adriel T. Desautels (Feb 10)
- Re: They will protect me (won't they?) Jamie Riden (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Re: They will protect me (won't they?) Jamie Riden (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Re: They will protect me (won't they?) Sat Jagat Singh (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Re: They will protect me (won't they?) Jamie Riden (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Re: They will protect me (won't they?) Dotzero (Feb 11)
- Re: They will protect me (won't they?) Adriel T. Desautels (Feb 11)
- Message not available
- Message not available
- Fwd: They will protect me (won't they?) Dotzero (Feb 11)