Penetration Testing mailing list archives
Re: Publishing Findings on Commercial Applications
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Wed, 14 Jun 2006 23:52:58 +0200
Jezebel Ali dijo:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings Brother David MacDonald and other List member, Thanks for response. I must admit that publishing finding makes no sense, yet I look at it from point of view of helping other bank and financial institutes to protect themselves. This findings may save them money by helping do it themselves.
If that is your target, provide a report to your customer. He sure has some closed list he can e-mail your findings to. I know a number of banks that have very strong relationships and exchange IT security information between themselves, after all, they typically use similar products. If you customer is big enough he probably has those ties too.
If he doesn't, then you can still forward the report to *your* contacts in the bank industry instead of posting it in a publich list. Don't think that if you publish your findings in a public forum you will be read by banking industry members. Many of them will probably monitor some other (internal/non public) mailing lists or forums with a better signal/noise ratio.
Just my 2c. Javier ------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- RE: Publishing Findings on Commercial Applications, (continued)
- RE: Publishing Findings on Commercial Applications Ralph Forsythe (Jun 13)
- Re: Publishing Findings on Commercial Applications Ivan Arce (Jun 14)
- Re: Publishing Findings on Commercial Applications javier (Jun 14)
- Re: Publishing Findings on Commercial Applications Paul Robertson (Jun 13)
- Re: Publishing Findings on Commercial Applications intel96 (Jun 14)
- Re: Publishing Findings on Commercial Applications mikeiscool (Jun 13)
- RE: Publishing Findings on Commercial Applications Paul Melson (Jun 14)
- Re: Publishing Findings on Commercial Applications mikeiscool (Jun 14)
- RE: Publishing Findings on Commercial Applications Paul Melson (Jun 15)
- RE: Publishing Findings on Commercial Applications Paul Melson (Jun 14)
- Re: Publishing Findings on Commercial Applications Jezebel Ali (Jun 13)
- Re: Publishing Findings on Commercial Applications Javier Fernandez-Sanguino (Jun 14)
- RE: Publishing Findings on Commercial Applications Jezebel Ali (Jun 14)