Re: Publishing Findings on Commercial Applications

From: Javier Fernandez-Sanguino (jfernandez@germinus.com)
Date: Wed Jun 14 2006 - 17:52:58 EDT

• Next message: Eduardo Espina: "Re: Physical ports in IOS"
• Previous message: intel96: "Re: Publishing Findings on Commercial Applications"
• In reply to: Jezebel Ali: "Re: Publishing Findings on Commercial Applications"
• Next in thread: Jezebel Ali: "RE: Publishing Findings on Commercial Applications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Jezebel Ali dijo:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Greetings Brother David MacDonald and other List member,
>
> Thanks for response. I must admit that publishing finding makes no
> sense, yet I look at it from point of view of helping other bank
> and financial institutes to protect themselves. This findings may
> save them money by helping do it themselves.

If that is your target, provide a report to your customer. He sure has
some closed list he can e-mail your findings to. I know a number of
banks that have very strong relationships and exchange IT security
information between themselves, after all, they typically use similar
products. If you customer is big enough he probably has those ties too.

If he doesn't, then you can still forward the report to *your* contacts
in the bank industry instead of posting it in a publich list. Don't
think that if you publish your findings in a public forum you will be
read by banking industry members. Many of them will probably monitor
some other (internal/non public) mailing lists or forums with a better
signal/noise ratio.

Just my 2c.

Javier

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

• Next message: Eduardo Espina: "Re: Physical ports in IOS"
• Previous message: intel96: "Re: Publishing Findings on Commercial Applications"
• In reply to: Jezebel Ali: "Re: Publishing Findings on Commercial Applications"
• Next in thread: Jezebel Ali: "RE: Publishing Findings on Commercial Applications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:06 EDT