Penetration Testing mailing list archives
Re: Heartland Gets Religion on Security
From: security curmudgeon <jericho () attrition org>
Date: Sat, 20 Jun 2009 21:09:57 +0000 (UTC)
: I agree. Over at DataLossDB, I inquired about adding a column for the : firm(s) performing the audit in an attempt to [possibly] correlate : breaches with firms. Unfortunately, DataLossDB did not feel they had the : resources to accommodate. I can't help but feel there is an Enron/Arthur : Anderson relationship among some of these folks. That is not exactly what we said =) We said that for less than 1% of incidents we know the auditor. For the few that have come to light, I have been adding them as a comment to the entry. We can add a column fairly easily, but it will end up being almost completely empty. Such columns generate more questions and complaints than it's worth sometimes. If anyone can demonstrate that the auditor's name is easy to obtain or will help us with the research, it may speed up the decision to add it. Brian DatalossDB.org ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Fwd: Heartland Gets Religion on Security Jeffrey Walton (Jun 18)
- Re: Heartland Gets Religion on Security rajat swarup (Jun 20)
- Re: Heartland Gets Religion on Security Jeffrey Walton (Jun 20)
- Re: Heartland Gets Religion on Security security curmudgeon (Jun 20)
- Re: Heartland Gets Religion on Security Jeffrey Walton (Jun 20)
- Re: Heartland Gets Religion on Security rajat swarup (Jun 20)