Re: Wanted: hackers for tiger team (new england area)

[Brad.Powell () EBay Sun COM (Brad Powell)]

Christopher William Klaus  <cklaus () shadow net>  <iss () shadow net>
writes:

> All kidding aside, how much will a company pay to be broken into?  Has 
> anyone here hired a tiger team and did they find the investment worth it?

being able to break into machines does not always mean the breaker is
capable of understanding the proper ways of securing machines.

We do commonly take the tiger-team  approach every so often when we 
can find someone who is trustworthy :-)

As long as we can be sure the person/group is going to tell _all_
that they found..... then we are interested in paying/contracting ect..
We don't want to pay someone to bang on the doors and then tell us 1/2
of our bugs and then tell the cracker comunity the other half :-) :-(
:-(.... The half we get is commonly the half we already know e.g. not
worth our time/money.

Its a matter of integrity, a trait that is not commonly associated with
crackers too often :-\. Too bad _some_ of them show some real promise.

trust is something to be earned not assumed.

=======================================================================
Brad Powell : brad.powell () Sun COM        | 
                                         |
Full Time: Sr. Network Security Analyst  |Part time: Cyberspace PI
           ENS Network Security Group    |           and Consultant
           Sun Microsystems Inc.         |
=======================================================================
               The views expressed are those of the author and may
                  not reflect the views of Sun Microsystems Inc.
=======================================================================