Penetration Testing mailing list archives
Re: [PEN-TEST] Ethics Scenario
From: Erik Tayler <erik () digitaloffense net>
Date: Mon, 2 Oct 2000 16:03:49 -0500
In my opinion, this would fall into the chasing ambulances category. If you find a vulnerability in someone's systems, and you were not asked to do so, it should be your obligation to either ignore it, or tell them about it. If you were to say "this is a problem, and we can fix it, for a price", that would be unethical, and it would undoubtedly be unwelcome. However, in some instances, it might be appropriate to offer help [for cost or not]. Erik Tayler 14x Network Security http://www.14x.net http://www.digitaloffense.net -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Christopher M. Bergeron Sent: Monday, October 02, 2000 12:44 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Ethics Scenario Here's a scenario that I'd like to get peoples' input on: A) Our company does pen-tests, security auditing etc... B) Our team finds a vulnerability/hole on a website just by poking around / using the site. The question is this: Do we tell the website company who we are and that we have discovered a vulnerability and then offer to provide them assistance with the vulnerability (for pay of course). i.e. offering them a full pen-test or an IDS or something...? Or does this tend to fall into the "chasing ambulances" type of business marketing strategy?
Current thread:
- [PEN-TEST] Ethics Scenario Christopher M. Bergeron (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Edward Mitchell (Oct 02)
- Re: [PEN-TEST] Ethics Scenario SM (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Erik Tayler (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Erik Tayler (Oct 02)
- <Possible follow-ups>
- Re: [PEN-TEST] Ethics Scenario Dunker, Noah (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Steve (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Tonick, Mike (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Gallicchio, Florindo (2282) (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Darryl Rathbun (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Spy Fox (Oct 02)