Re: Pentesting tool - Commercial

From: Andre Gironda (andreg@gmail.com)
Date: Tue Mar 04 2008 - 03:34:40 EST

• Next message: Michael Cain: "Packet modifying proxy tool"
• Previous message: HACK the PLANET: "Re: VBScript Runtime Error'800a0006'"
• In reply to: Ivan Arce: "Re: Pentesting tool - Commercial"
• Next in thread: Trygve Aasheim: "Re: Pentesting tool - Commercial"
• Reply: Trygve Aasheim: "Re: Pentesting tool - Commercial"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Thu, Feb 28, 2008 at 4:26 PM, Ivan Arce <ivan.arce@coresecurity.com> wrote:
> But before
> that, I'd like to ask you to clarify how did you come to your conclusions
> and if you were or are a licensed user of a current and up-to-date version
> of CORE IMPACT because I suspect you may be providing opinions that are
> based on a partial or limited view of our product. Please feel free to
> contact me directly or through any of Core's Customer Support channels so
> we can follow up on any particular feedback (or complain) you may want to
> provide.

I said that my list wasn't up-to-date, but included much of 2007. If
you added 400 new exploits in the past 6 months - my mistake for not
making that clear enough. All of the other information about my
process to getting to those numbers was included in the thread. I can
re-quote all of them if necessary.

If I was a paying customer (or ever had been), I probably would have
violated a EULA for talking about such information in the public eye.
I have no intention of contacting you (or anyone at Core) about paying
for your product, and I don't really deal well with customer support
channels.

If you feel that these are opinions, that's fine - but I don't feel that way

If these vulnerability assessment management and network
penetration-testing tools were so important - how come they don't help
a person create the next iPhone expoit, the next QuickTime exploit, or
the almost certainly find the next Java JVM or Adobe Reader
vulnerability?

I suspect you may be providing opinions based on a limited view of the
industry based around your own product.

Cheers,
Andre

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Michael Cain: "Packet modifying proxy tool"
• Previous message: HACK the PLANET: "Re: VBScript Runtime Error'800a0006'"
• In reply to: Ivan Arce: "Re: Pentesting tool - Commercial"
• Next in thread: Trygve Aasheim: "Re: Pentesting tool - Commercial"
• Reply: Trygve Aasheim: "Re: Pentesting tool - Commercial"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:26 EDT