Full Disclosure mailing list archives

Re: [SCADASEC] 11. Re: SCADA Security - Software fee's


From: david <david () ond se>
Date: Sun, 8 Mar 2009 00:54:07 +0100

 

----- Original message -----
From: Smoking Gun <pentesterkunt () gmail com>
Sent: 23 February 2009 17:28
To: Michael Krymson <krymson () gmail com>
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] [SCADASEC] 11. Re: SCADA Security - Software fee's

On Mon, Feb 23, 2009 at 10:26 AM, Michael Krymson <krymson () gmail com> wrote:


On Mon, Feb 23, 2009 at 8:57 AM, Smoking Gun <pentesterkunt () gmail com>
wrote:

Blah blah gross personal speculation blah...

At any rate, if CEO Cloe decides to hire a pen-tester for $1,000 and gets
back a scan with some dumpy reports on it (sorry, it's not a SmokingGun
report that shakes the ground and makes angels weep), where is the real
breakdown here? Did she not get something in return? Was she underpaying and
thus getting Crazy Eddie crap? Was her expectation skewed? Or maybe is her
resultant declaration that her company is fully secure after that scan
ludicrous?


The real breakdown here comes from Cloe soliciting the services of someone
who is labeling themselves an expert. This whole "Walmart" style penetration
tester in a box theme being promoted by underclued individuals and marketed
to the industry is devaluing the work many have worked hard to perfect. Many
have given countless hours, codes, write-ups, seminars, you name it. There is
nothing wrong with making a euro, dollar, baht, don't mistake this, but when
there are mission-critical applications and institutions at hand, that buck
should take a backseat for the security of lives - or did you miss the subject
portion of SCADA Security?


-- 
Making no mistakes is what establishes the certainty of victory, for
it means conquering an enemy that is already defeated. - Sun Tzu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
