Penetration Testing mailing list archives

Re: [PEN-TEST] WebEx security?


From: Bennett Todd <bet () RAHUL NET>
Date: Tue, 31 Oct 2000 15:02:09 -0500

2000-10-31-12:53:14 Alfred Huger:
> I would have to disagree with the notion that weak network
> security on their site relates to an insecure product.

Sounds like you have some different experiences from me.

> The IT folks are without doubt not the same people who are writing
> the application in question.

Certainly, but...

> I can think of a number of vendors who have excellent products in
> terms of security and terrible network security....

I've never met a single one, and have trouble picturing how it can
happen. I've seen plenty of vendors with decent in-house security
that ship product with lousy security; that happens whenever the
folks making the sales and marketing decisions don't understand the
need for security; far too few customers will demand it to create
good pressure from their side, it has to come from the sales staff.

But in what sort of shop would designers and sales staff who
understand and care about appropriate security ignore the fact that
their own systems don't have it, or be ignored when they report
that to management?

> Bad IT people do not add up to a bad product.

In my experience good IT people maintaining a good secure vendor
site are a necessary but not sufficient condition to see good
product coming from that vendor. And so I've invariably found that
bad IT people do indeed invariably go with bad product.

-Bennett
