Re: [PEN-TEST] Contract/disclaimer for penetration testers

[Steve Goldsby <sgoldsby () INTEGRATE-U COM>]

Er.  We use something significantly more in depth than this.  We have a
reasonably fair hold harmless agreement, and a lengthy statement of work
(SOW).  THe contract just says "you agree to pay on time. period.".  THe SOW
has the real meat, responsibilities of both parties, etc.

Be safe.  Have a law firm draft your material.  You'll be glad you did.

Steve Goldsby, CEO
Integrated Computer Solutions, Inc.
www.integrate-u.com




-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of John Martin
Sent: Saturday, January 13, 2001 12:27 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Contract/disclaimer for penetration testers


Hi

Try www.maxvision.net/

This question also raises issues about the forthcoming RIP law in UK, which
comes into force in June 2001.  Does this law affect existing
authorisation/liability contracts, when conducting Penetration testing,
particularly externally via an ISP?  If so, how can we protect ourselves?
What needs to be changed in existing contracts?





-----Original Message-----
From: Allan Pratt [mailto:allan_pratt () HOTMAIL COM]
Sent: 12 January 2001 18:41
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Contract/disclaimer for penetration testers


Hi,

I recollect seeing a few months ago on this list a URL that was posted for a
contract that a penetration testing company had their clients sign.

The contract stated what the penetration testers would do and what other
issues that come up in the process of performing a penetration test.   This
included a liability waiver.

I can't find that posting. Does anyone recollect this URL or a similar
document I can download?

Thanks,

Allan



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

Attachment: Stephen S Goldsby.vcf
Description: