Penetration Testing mailing list archives
Re: Cross-company collaboration
From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Wed, 22 Jul 2009 13:49:15 +0200
Salut, Erin, On Fri, Jul 17, 2009 at 04:47:41PM -0700, Erin Carroll wrote:
The recent thread from Adriel on verifying your security providers jogged a thought that's been at the back of my mind for a bit: Have you ever worked or collaborated with another pen-test company on projects? How did it work out? What prompted the collaboration effort? How did you manage the relationship with "the competition" and was it a successful engagement (financial or otherwise)? How did you find/choose who to work with?
Well, one time when a customer wanted an application which required a very high level of securing they actually went as far as to order two companies (us and The Others™) to take care of it. Initially, we were both not too thrilled. As it turned out though, we were the crypto freaks and had a strong grasp on technical security while the other company was focussing mainly on organizational security, so we let them take care of that part of the job and hacked away peacefully. (But usually companies just want one "security provider".) Kind regards, Tonnerre -- SyGroup GmbH Tonnerre Lombard Solutions Systematiques Tel:+41 61 333 80 33 Güterstrasse 86 Fax:+41 61 383 14 67 4053 Basel Web:www.sygroup.ch tonnerre.lombard () sygroup ch
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Cross-company collaboration Erin Carroll (Jul 17)
- Re: Cross-company collaboration Tonnerre Lombard (Jul 22)
- RE: Cross-company collaboration Jonathan Cran (Jul 30)
- Re: Cross-company collaboration Adriel T. Desautels (Jul 30)
- RE: Cross-company collaboration Jonathan Cran (Jul 30)
- Re: Cross-company collaboration Tonnerre Lombard (Jul 22)