Penetration Testing mailing list archives

RE: How to Tackle the Legal Tangle?


From: Steve <steve () securesolutions org>
Date: Mon, 10 Sep 2001 16:33:36 -0400

I agree with Dan.

Most organizations will have spent the money to have a "Standard Terms & Conditions" or "Letter of Understanding" drafted that can be attached to proposals and used as a get-out-of-jail-free card. In general, I will not start any work for a client, even if it is not a Pen-Test, before they have signed this document. This accomplishes two things (if the document is drafted properly): it commits the clients to my proposal (and fees), and it shows that the client accepts the dangers of performing certain tasks. Also, be sure that the person signing the document is an authorized signing agent for the client in question.

It's a pain in the ass, and lawyers are expensive, but make sure that your lawyer knows that you want the document to be general enough that you can use it for any client with little modification.


Regards;

Steve Manzuik
Moderator - VulnWatch
www.vulnwatch.org


At 12:12 PM 10/09/2001 -0400, Dan Ryan wrote:
Contracting for penetration testing is complex and, if not done with the
assistance of expert counsel, can leave you at serious risk. Find a lawyer
who understands both contracts and cyberlaw and listen carefully to his or
her advice. This is no place for do-it-yourself.

Daniel J. Ryan
Attorney at Law

-----Original Message-----
From: Biju Mukund [mailto:bmukund () mielesecurity com]
Sent: Monday, September 10, 2001 12:14 AM
To: pen-test () securityfocus com
Subject: How to Tackle the Legal Tangle?


There is a lot of confusion on the Legal Documents that we need to sign and
protect ourselves (i.e. Pen Testing Company) before we accept an Assignment.
Consultants and legal 'experts' dump loads of papers which no one really
understands.
Is anyone aware of a web resource where one can find all/some documents
which we might use before and after a Pen-testing assignment?
Or is there someone who can guide us on "How to Tackle the Legal Tangle?"

Regards
Biju Mukund

BS 7799 Certified Auditor
MIEL e-Security Pvt. Ltd
bmukund () mielesecurity com
www.mielesecurity.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


