RE: Informing Companies about security vulnerabilities...

From: Michael Scheidell (scheidell@secnap.net)
Date: Sun Oct 08 2006 - 15:23:45 EDT

• Next message: Praburaajan: "HITBSecConf2006 CTF Source code and daemons"
• Previous message: Christian Martorella: "Re: Sql injection automated check tool"
• Maybe in reply to: me@gmail.com: "Informing Companies about security vulnerabilities..."
• Next in thread: jay.tomas@infosecguru.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: jay.tomas@infosecguru.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: none@none.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: Levenglick, Jeff: "RE: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: stillnone@none.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: v0083mw02@sneakemail.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of Arian J. Evans
> Sent: Friday, October 06, 2006 11:41 AM
> To: pen-test@securityfocus.com
> Subject: RE: Informing Companies about security vulnerabilities...
> The questions I still have:
>
> 1) How bad does it have to get? Human life?

The medical profession seems to be the worst when it comes to
proactivally addressing the security issue (insurance is cheaper than
fixing the problems)..

Financial instituts are the quickest at it. (I guess money is worth more
than life)

No, its not the threat of the loss of human life that motivates a
company to fix their security problems, its los of money.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Praburaajan: "HITBSecConf2006 CTF Source code and daemons"
• Previous message: Christian Martorella: "Re: Sql injection automated check tool"
• Maybe in reply to: me@gmail.com: "Informing Companies about security vulnerabilities..."
• Next in thread: jay.tomas@infosecguru.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: jay.tomas@infosecguru.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: none@none.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: Levenglick, Jeff: "RE: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: stillnone@none.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Maybe reply: v0083mw02@sneakemail.com: "Re: RE: Informing Companies about security vulnerabilities..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:09 EDT