Re: Vendor Participation on List and Proper Identification

[Tom Bossie <tbossie () CITADEL COM>]

Let's face it; given the human factor you're always going to have those that
honor the rules and those that take advantage of the situation.

To be honest, this list-serv feels a little invasive in general. To
anomalously listen to the various issues and problems, ignoring our nature
to sell, is a daily temptation. And given the general business environment
these days there is a strong tendency to exploit the available venues in
competing for the available funds!(revenue) Like the song says: sales is a
"sorry substitution for a spiritual life".

I can appreciate the need to have a private (education only) forum, for all
the obvious reasons. It sounds like these forums already exist from a
previous posting. Your (Edu) comments are valuable to us (Vendor).  Maybe
Educause could publish the contents of the discussion strings sans the
individual identities on a daily basis and allow a separate facility for
response by vendors. Then you could decide to call the vendor directly at
your discretion.

Or create a vendor list-serv where your members could ask questions to the
vendor community when and if they wish, using some sort of common alias to
avoid the marketing backlash. I'm sure there is way to make it work, that's
why we go to school!

Tom Bossie
Citadel Security Software

-----Original Message-----
From: Dave Koontz [mailto:dkoontz () MBC EDU]
Sent: Thursday, July 28, 2005 6:29 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Vendor Participation on List and Proper
Identification

IMO this issue seems to be a little broader that than just a simple
"List-Serve" issue.

Shortly after I responded to an email on this list regarding our various
problems with Cisco's Acquitition of Perfigo, I have been swamped with calls
from various vendors. Since I did not post my direct phone number in my
posting, these calls have all came through our main campus phone line,
asking for me.  As this is the only forum in which I've mentioned anything
about this issue, it's pretty clear where these vendors got my contact
information.

While I agree that vendor input on issues and questions can be very valuable
here, this list should not be used as a sales / marketing "Hit List".  Jamie
@ CBSI  did the correct thing, Identified himself as a Vendor, attempted to
answer our questions.  It seems that there are many other vendors out there
that are using this list soley as a marketing / sales lead tool.

-----Original Message-----
From: Information Security [mailto:infosecurity () UTPA EDU]
Sent: Thursday, July 28, 2005 9:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Vendor Participation on List and Proper
Identification

Parker, Ron wrote:

> Before we all bounce down this road about vendors on the list, remember
> that EDUCAUSE's policies do allow it. I think it can be valuable in
> many cases.

Seconded.  Let's save that argument until the day someone abuses the list.
Jamie Stapleton's posts are generally helpful and worth reading, and it's
clear from his email address he is a vendor.  Not a problem to me.  Let's
return to the discussion of spam appliances...  I'm surprised no-one has
mentioned Brightmail yet - that's usually the one I hear when a company is
programming-phobic and wants a managed solution.  As far as I understand it,
their approach is primarily spamtrap-based and they mark only mails that
they've seen elsewhere in spamtraps.  They have a good reputation but I
worry that betting the farm on one technique is a long-term risk, as
polymorphic and customised spams become more prevalent.

I've already started receiving spams where some of the 'whitening' text was
taken from my own web site, in order to get past my Bayesian filters.
That's
pretty sophisticated, and I have to wonder why the spammers bother, because
if someone goes to the effort of installing a spam filter you might imagine
that they'd never respond to spam even if it did slip through.

Graham

Attachment: smime.p7s
Description: