Penetration Testing mailing list archives
Re: My Frustrations
From: security curmudgeon <jericho () attrition org>
Date: Thu, 18 Dec 2008 20:29:42 +0000 (UTC)
On Thu, 18 Dec 2008, Jamie Riden wrote:

: However, just running an automated tool such as nessus/nmap/whatever and
: dumping the results into a report is not nearly good enough - yes, I
: have seen this in a commercial pen-test report.

Ugh. This is the down-side to signing NDAs. They protect security companies' inadequacies just as much as they protect sharing sensitive data with a third-party. Customers pay, and they can control such NDAs if they choose.

It would be nice to see more customers reword NDAs to protect themselves, agree not to disclose some vendor 'trade secrets' (really, ./nessus -args isn't a trade secret), but not bind themselves further. This would let a company post to the list "We used X Scan Shop, Inc. and were very unhappy. They provided unsanitized $product reports without even validating false positives."