Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [SCADASEC] 11. Re: SCADA Security - Software fee's
From: Smoking Gun <pentesterkunt () gmail com>
Date: Mon, 23 Feb 2009 11:28:16 -0500

On Mon, Feb 23, 2009 at 10:26 AM, Michael Krymson <krymson () gmail com> wrote:

On Mon, Feb 23, 2009 at 8:57 AM, Smoking Gun <pentesterkunt () gmail com>

Blah blah gross personal speculation blah...

At any rate, if CEO Cloe decides to hire a pen-tester for $1,000 and gets
back a scan with some dumpy reports on it (sorry, it's not a SmokingGun
report that shakes the ground and makes angels weep), where is the real
breakdown here? Did she not get something in return? Was she underpaying and
thus getting Crazy Eddie crap? Was her expectation skewed? Or maybe is her
resultant declaration that her company is fully secure after that scan

The real breakdown here comes from Cloe soliciting the services of someone
who is labeling themselves an expert. This whole "Walmart" style penetration
tester in a box theme being promoted by underclued individuals and marketed
to the industry is devaluing the work many have worked hard to perfect. Many
have given countless hours, codes, write-ups, seminars you name it. There is
nothing wrong with making a euro, dollar, baht, don't mistake this but when
there are mission critical applications and institutions at hand, that buck
should take a backseat for the security of lives - or did you miss the subject
portion of SCADA Security.

Making no mistakes is what establishes the certainty of victory, for
it means conquering an enemy that is already defeated. - Sun Tzu

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]