Security Basics mailing list archives
Re: Would you bet your life on your security?
From: David Moisan <dmoisan () davidmoisan org>
Date: Thu, 02 Oct 2003 22:19:24 -0400
At 05:41 PM 10/2/2003 -0400, simon wrote:
Let me make this very simple for you. If you bring your car into a shop and they find no problems do you want to pay for a brake job, and new ball joints? If we find vulnerabilities then we will
Most people accept that there is a cost in time and money to perform the inspection.
Then again, if I were having car work done, I might think a low-ball or even no-ball price estimate, as is so often seen, is just the thin end of the wedge to justify more work and more money from the customer.
help you fix them. If we don't, then you haven't spent a dime. What you seem to be proposing is that you spend money regardless of the work done? Hey, send some checks my way...
You seem to be proposing that I, for one, should give you an open-ended assignment knowing that you will (in fact, must, if you are to make a profit) have an incentive to "find problems".
I thought about taking you up for about two seconds, but I represent a small nonprofit and the costs of remediation by a third party such as yourself that is determined to find security problems (as a good hacker would do) would well outweigh the benefits. Most security consultancies work for enterprise clients and they do *not* scale down to small businesses well, if at all and are not a bargain for us at *any* price.
Besides, it sounded too much like the extortionate offer we got on the list a few months back from someone offering to "fix" their own hacking for a fee.
Take care, Dave David Moisan, N1KGH ARES/SKYWARN dmoisan () davidmoisan org Invisible Disability: http://www.davidmoisan.org/invisible_disability.html ATS-909 FAQ: http://www.davidmoisan.org/radio/sangean/ats909faq.html --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Would you bet your life on your security? simon (Oct 01)
- Re: Would you bet your life on your security? Jimi Thompson (Oct 10)
- <Possible follow-ups>
- Re: Would you bet your life on your security? Eric Brown (Oct 02)
- RE: Would you bet your life on your security? David Gillett (Oct 02)
- Re: Would you bet your life on your security? simon (Oct 06)
- Re: Would you bet your life on your security? Ranjeet Shetye (Oct 02)
- Re: Would you bet your life on your security? simon (Oct 02)
- Re: Would you bet your life on your security? David Moisan (Oct 03)
- RE: Would you bet your life on your security? David Gillett (Oct 03)
- RE: Would you bet your life on your security? David Gillett (Oct 02)
- RE: Would you bet your life on your security? MacDougall, Shane (Oct 03)
- RE: Would you bet your life on your security? MacDougall, Shane (Oct 03)
- RE: Would you bet your life on your security? David Gillett (Oct 06)
- Re: Would you bet your life on your security? simon (Oct 06)
- RE: Would you bet your life on your security? David Gillett (Oct 06)