Penetration Testing mailing list archives

Re: They will protect me (won't they?)


From: Jamie Riden <jamie.riden () gmail com>
Date: Tue, 10 Feb 2009 22:28:31 +0000

2009/2/9 Adriel T. Desautels <ad_lists () netragard com>:
> One of my recent thoughts and blog entries...
>
> So the other day I was talking with my buddy Kevin Finisterre.  One of the
> things that we were discussing was people who just don't feel that security
> is an important aspect of their business because their customers don't ask
> for it.  That always makes my brain scream "WHAT!?". Here's a direct quote
> from a security technology vendor "We don't perform regular penetration
> tests because our customers don't ask us to do that."

This is probably not a popular view on this list, but I think you can
do a lot towards securing a system without doing a pen-test.
Obviously, I think vendors do have a substantial responsibility to
make sure the systems they sell are easy to secure, and to encourage
their customers to keep them secure. But if the security guy at the
company fixes everything up without having a pen-test that's fine with
me.

cheers,
 Jamie
-- 
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
http://www.ukhoneynet.org/members/jamie/


