Re: Tangram Enterprise

[Tom Weaver <tweaver () GOVCONNECT COM>]

My former company runs Tangram, and we had to work very closely with the 
vendor to get the *NIX version working correctly, as the vendor did not 
have any experience in *NIX. I'm sure there are security holes, but 
cannot name any as I was not part of the evaluation.  I will check around 
with my ex-coworkers and see what I can find out about security holes for 
it. 

Generally, from a sysadmin perspective, it has a very limited use, and 
even then, it was never 100% accurate.  I would push hard to get your 
corporation to change it's mind.

TW

> > > > > > > > > > > > > > > > > > Original Message <<<<<<<<<<<<<<<<<<

On 9/16/00, 3:44:01 PM, Security Dude <security () CAREYINCORPORATED COM> 
wrote regarding Tangram Enterprise:


> Anybody heard of Asset Insight made by Tangram Enterprise Solutions
> (www.tesi.com)
> Its a Client App that will inventory a computer for hardware and software
> and reports back to a central server.
> It runs in the background all the time, but only audits once a week.
> I would like to know if this app has any known holes or buffer overflows. 
I
> have sesrch around and could find any, yet.
> Runs on *NIX and WinTel platforms.
> The Corporation is going to roll this out and I wanted to see if there is
> any security issues.
> Any feed back would be great.
> Thanks
> SD