Full Disclosure mailing list archives
Re: [SCADASEC] 11. Re: SCADA Security - Software fee's
From: david <david () ond se>
Date: Sun, 8 Mar 2009 00:54:07 +0100
----- Original message -----
From: Smoking Gun <pentesterkunt () gmail com>
Sent: 23 February 2009 17:28
To: Michael Krymson <krymson () gmail com>
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] [SCADASEC] 11. Re: SCADA Security - Software fee's

On Mon, Feb 23, 2009 at 10:26 AM, Michael Krymson <krymson () gmail com> wrote:
On Mon, Feb 23, 2009 at 8:57 AM, Smoking Gun <pentesterkunt () gmail com> wrote:

Blah blah gross personal speculation blah...

At any rate, if CEO Cloe decides to hire a pen-tester for $1,000 and gets back a scan with some dumpy reports on it (sorry, it's not a SmokingGun report that shakes the ground and makes angels weep), where is the real breakdown here? Did she not get something in return? Was she underpaying and thus getting Crazy Eddie crap? Was her expectation skewed? Or maybe is her resultant declaration that her company is fully secure after that scan ludicrous?
The real breakdown here comes from Cloe soliciting the services of someone who is labeling themselves an expert. This whole "Walmart" style penetration tester in a box theme being promoted by underclued individuals and marketed to the industry is devaluing the work many have worked hard to perfect. Many have given countless hours, codes, write-ups, seminars you name it. There is nothing wrong with making a euro, dollar, baht, don't mistake this but when there are mission critical applications and institutions at hand, that buck should take a backseat for the security of lives - or did you miss the subject portion of SCADA Security.

--
Making no mistakes is what establishes the certainty of victory, for it means conquering an enemy that is already defeated. - Sun Tzu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/