Penetration Testing mailing list archives
RE: WebServices Testing
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 9 Oct 2006 09:26:13 -0400
-----Original Message----- Subject: Re: WebServices Testing
correction/adition , If/when they find out, they will often not want to
know in my experience, and
often make it not appear in their final version of the report. i've been asked many times to take things out of reports, and just told
them "you also get a digital
copy...." {hint}
I've been asked to do the same thing, usually in the context of, "Well we fixed it between the time you found it and getting the final report." But I've never deleted a finding from a report. It defeats the purpose. If the customer doesn't like it, they can (and do) hire someone less ethical to do their next assessment. Which leads me to...
do you think one should punish junkies rather then dealers ? or... lock out the dealers and try to ensure no dope is required, by
guiding the potential junkies away
from it.
I don't want to let this turn into a debate over drug enforcement policies because the analogy is thin at best, but you see how well busting dealers and locking up users has worked in the US. (In case you're wondering what I mean, http://www.huffingtonpost.com/walter-cronkite/telling-the-truth-about-t_b_16 605.html) Educating customers as to the long-term benefits of doing the right thing (despite additional effort and cost) will probably be more effective than chastising consultants that don't do what you feel they should. After all, they still got paid, didn't they? And you come off like a hater. PaulM ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- WebServices Testing dallas jordan (Oct 05)
- Re: WebServices Testing mailing lists (Oct 05)
- RE: WebServices Testing Paul Melson (Oct 06)
- Re: WebServices Testing Jamie Riden (Oct 06)
- Re: WebServices Testing Joseph McCray (Oct 06)
- <Possible follow-ups>
- Re: WebServices Testing revnic (Oct 06)
- Re: WebServices Testing mailing lists (Oct 08)
- Re: WebServices Testing mailing lists (Oct 08)
- RE: WebServices Testing Paul Melson (Oct 09)
- Re: WebServices Testing mailing lists (Oct 05)