Penetration Testing mailing list archives
Re: Publishing Findings on Commercial Applications
From: intel96 <intel96 () bellsouth net>
Date: Wed, 14 Jun 2006 08:59:48 -0400
Why would you want to make this information public? Self promotion maybe?

Over the past year I have found vulnerabilities in several commercial products in the routing, switching, VoIP, and wireless space. I did not post my findings to the world; I sent my testing notes to the vendors to fix their problems. I have found that road the best to travel with the vendors and my customers.

If you found security issues relating to the application that you were testing, tell the vendor. If the vulnerabilities were related to customer configuration issues, then write a white paper outlining best practices for the application; you will get more traction.

Intel96

On 6/13/06, Jezebel Ali <jezebel_ali () hush com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----

I have a question: If I am performing a penetration test on a customer site and this customer has a commercial application which is not publicly available for download or purchase, do I have a right to publish findings on this application to the public without mentioning the customer name? This application is widely used by the banking and financial industry and is not always available to anyone for testing.