From: Paul Melson (pmelson@gmail.com)
Date: Mon Oct 09 2006 - 09:26:13 EDT
-----Original Message-----
Subject: Re: WebServices Testing
> correction/adition , If/when they find out, they will often not want to
know in my experience, and
> often make it not appear in their final version of the report.
> i've been asked many times to take things out of reports, and just told
them "you also get a digital
> copy...." {hint}
I've been asked to do the same thing, usually in the context of, "Well we
fixed it between the time you found it and getting the final report." But
I've never deleted a finding from a report. It defeats the purpose. If the
customer doesn't like it, they can (and do) hire someone less ethical to do
their next assessment. Which leads me to...
> do you think one should punish junkies rather then dealers ?
> or... lock out the dealers and try to ensure no dope is required, by
guiding the potential junkies away
> from it.
I don't want to let this turn into a debate over drug enforcement policies
because the analogy is thin at best, but you see how well busting dealers
and locking up users has worked in the US. (In case you're wondering what I
mean,
http://www.huffingtonpost.com/walter-cronkite/telling-the-truth-about-t_b_16
605.html)
Educating customers as to the long-term benefits of doing the right thing
(despite additional effort and cost) will probably be more effective than
chastising consultants that don't do what you feel they should. After all,
they still got paid, didn't they? And you come off like a hater.
PaulM
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:10 EDT