Penetration Testing mailing list archives

Re: Pentesting tool - Commercial

From: "Andre Gironda" <andreg () gmail com>
Date: Tue, 4 Mar 2008 01:34:40 -0700

On Thu, Feb 28, 2008 at 4:26 PM, Ivan Arce <ivan.arce () coresecurity com> wrote:

 But before
 that, I'd like to ask you to clarify how did you come to your conclusions
 and if you were or are a licensed user of a current and up-to-date version
 of CORE IMPACT because I suspect you may be providing opinions that are
 based on a partial or limited view of our product. Please feel free to
 contact me directly or through any of Core's Customer Support channels so
 we can follow up on any particular feedback (or complain) you may want to
 provide.


I said that my list wasn't up-to-date, but included much of 2007.  If
you added 400 new exploits in the past 6 months - my mistake for not
making that clear enough.  All of the other information about my
process to getting to those numbers was included in the thread.  I can
re-quote all of them if necessary.

If I was a paying customer (or ever had been), I probably would have
violated a EULA for talking about such information in the public eye.
I have no intention of contacting you (or anyone at Core) about paying
for your product, and I don't really deal well with customer support
channels.

If you feel that these are opinions, that's fine - but I don't feel that way

If these vulnerability assessment management and network
penetration-testing tools were so important - how come they don't help
a person create the next iPhone expoit, the next QuickTime exploit, or
the almost certainly find the next Java JVM or Adobe Reader
vulnerability?

I suspect you may be providing opinions based on a limited view of the
industry based around your own product.

Cheers,
Andre

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

Re: Pentesting tool - Commercial p1g (Mar 03)
- <Possible follow-ups>
- Re: Pentesting tool - Commercial Ivan Arce (Mar 03)
  - Re: Pentesting tool - Commercial Andre Gironda (Mar 04)
    - Re: Pentesting tool - Commercial Trygve Aasheim (Mar 04)
    - Re: Pentesting tool - Commercial Andre Gironda (Mar 04)
    - Re: Pentesting tool - Commercial Trygve Aasheim (Mar 04)
    - Re: Pentesting tool - Commercial Andre Gironda (Mar 04)
    - AW: Pentesting tool - Commercial puppe (Mar 05)
  - Re: Pentesting tool - Commercial Pete Herzog (Mar 04)
    - RE: Pentesting tool - Commercial Clint P. Garrison (Mar 05)