Re: Vendor Participation on List and Proper Identification

[Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>]

Hello,

Cases like this really are disappointing.  As a vendor that frequents
this list, I believe that there is a lot of advantage to the
educational community to have input from technical experts in the
field.  I am an employer in addition to being a "vendor."  One of the
greatest challenges that we encounter is finding individuals that are
recent college graduates and that have the educational background
necessary to begin a career with us even as a Junior Security Expert.
I believe that interfaces between corporations and academia are
crucial to the success of new college graduates after leaving school.
When you ask technical questions and research technical products, you
are bringing this information back to your institution and thus
potentially increasing the exposure of latest technological solutions
to your student body.  Students who wish to broaden their educational
experience as work study or volunteers in the Campus IT Departments
especially benefit from this interaction.  Ultimately, I benefit by
passing this information on to reach new Information Security Students.

I am really sorry to hear that some of my peers in the corporate world
are abusing this privilege that could be very beneficial to both
academia and corporations alike.  However, if some choose to abuse
this privilege, they should not be allowed to participate in this
group.  Those of us that are participating by sharing our expertise in
a professional manner with the academic community still have a lot to
offer.  As I described above, I believe that academia has a lot to
gain from this interaction.

I don't feel that Jamie Stapleton's post was a direct ethical
violation of any vendor/academia interaction.  Mr. Stapleton is a
vendor for a product that he obviously (hopefully) believes in.  He
has chosen to sell this product and thus has researched it greatly and
has explained why he felt that it was a better tool than another
product that was a free solution.  I did not see where Jamie ever even
said that he sold the product.

I have offered advice on different occassions on this forum.  I have
presented free tools and so forth that others can use to help their
institution.  I have also said that I would be willing to help
institutions out however I could.  In my spare time, I have sat on
technical advising boards at several universities without any
compensation other than knowing (hoping) that I was advancing
technology, and encouraging the natural inquisitions that the computer
science industry provokes.

I hope that all vendors and representatives of various corporations
that frequent these lists are not punished for the unfortunate actions
of a few individuals.

Sincerely,

Sarah E Stevens, CISSP, CISM
Stevens Technologies, Inc.

> IMO this issue seems to be a little broader that than just a simple
> "List-Serve" issue.
>
> Shortly after I responded to an email on this list regarding our
various
> problems with Cisco's Acquitition of Perfigo, I have been swamped
with calls
> from various vendors. Since I did not post my direct phone number in
my
> posting, these calls have all came through our main campus phone
line,
> asking for me.  As this is the only forum in which I've mentioned
anything
> about this issue, it's pretty clear where these vendors got my
contact
> information.
>
> While I agree that vendor input on issues and questions can be very
valuable
> here, this list should not be used as a sales / marketing "Hit
List".  Jamie
> @ CBSI  did the correct thing, Identified himself as a Vendor,
attempted to
> answer our questions.  It seems that there are many other vendors
out there
> that are using this list soley as a marketing / sales lead tool.
>
> -----Original Message-----
> From: Information Security [mailto:infosecurity () UTPA EDU]
> Sent: Thursday, July 28, 2005 9:26 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Vendor Participation on List and Proper
> Identification
>
> Parker, Ron wrote:
>
> > Before we all bounce down this road about vendors on the list,
remember
> > that EDUCAUSE's policies do allow it. I think it can be valuable in
> > many cases.
>
> Seconded.  Let's save that argument until the day someone abuses the
list.
> Jamie Stapleton's posts are generally helpful and worth reading, and
it's
> clear from his email address he is a vendor.  Not a problem to me.
Let's
> return to the discussion of spam appliances...  I'm surprised no-one
has
> mentioned Brightmail yet - that's usually the one I hear when a
company is
> programming-phobic and wants a managed solution.  As far as I
understand it,
> their approach is primarily spamtrap-based and they mark only mails
that
> they've seen elsewhere in spamtraps.  They have a good reputation
but I
> worry that betting the farm on one technique is a long-term risk, as
> polymorphic and customised spams become more prevalent.
>
> I've already started receiving spams where some of the 'whitening'
text was
> taken from my own web site, in order to get past my Bayesian
filters.
> That's
> pretty sophisticated, and I have to wonder why the spammers bother,
because
> if someone goes to the effort of installing a spam filter you might
imagine
> that they'd never respond to spam even if it did slip through.
>
> Graham

--