Re: Another security vendor spamming

[Paul Vixie <vixie () isc org>]

mike () technomonk com (Mike Preston) writes:

> I tend to agree. I want a vendor I trust with my security to be
> completely ethical in its dealings with customers. If they go as far as
> spamming, who is to say what other 'shady practices' they might do?

when i found out that a security vendor had been spamming <nobody () vix com>
(which goes to /dev/null, so i only noticed it when reviewing a syslog file)
i complained bitterly on another gadilist.  the crowd did not go wild; the
consensus was that verifying permission before sending marketing materials
repeatedly to an e-mail address was too much of a burden on e-mail senders.

since i'd had prior dealings with this particular security vendor back when
i was running MAPS, i wasn't expecting them to admit to any errors, nor to
apologize for not following their own documented policies, nor to apologize.
and indeed, they did none of those things.  yet employees of that company
are considered to be upstanding and vetted members of the da/mwp community.

i mention this not just out of sour grapes, but because the standard of trust
described in the above-quoted text is apparently very much higher than the
actual standard of trust employed throughout the internet security community.
so, you may want to recalibrate, i.e., lower your standards toward "average."
-- 
Paul Vixie
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.