
Full Disclosure mailing list archives

Re: Windows' future (reprise)
From: "Thor (Hammer of God)" <Thor () hammerofgod com>
Date: Mon, 17 May 2010 18:08:20 +0000

Is my business at risk, if I
say the wrong thing, and my customers go out of business because
their hardware/software combination is no longer viable?  I imagine
these questions are on the minds of many IT managers, and with a
chart on the wall showing 243% mutation, it is only reasonable that
they be asked.


Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

In business, you are always exposed to some level of risk when you charge for professional services.  That's why you 
carry various business insurance policies should you engage in a project in which you are responsible for some level of 
loss on behalf of your client.  $5 million in E&O is typical, though I've seen as little as $1 million as a requirement.

Given that malware and virus mitigation is a systemic issue, I doubt you could be held responsible for a company "going 
out of business" because an AV program made their hardware and software unviable.  However, when you make public posts 
to a mailing list that is replicated worldwide about how you are consulting for a business that purchased a $24,000 
.net application (or whatever it was) but then go on to say how you know absolutely nothing about .net, I do think you 
are opening yourself up for legal action should the company have issues (which, they probably will) and there is 
basically "proof" in your own words that you are unqualified to do the work.

I know my way around different .nix installations a bit.  I can make stuff run, and I am actually quite good at screwing 
up a kernel rebuild.  However, I don't trust myself to set up a secure unix installation; certainly not to a point that 
I would provide professional services and bill clients for.  If I were to do that, I would (and should) be held liable 
for damages arising out of errors I am responsible for.

The "right" thing to do here, from a business and ethics standpoint, is to subcontract a .net professional who can 
represent you properly.  The job will get done properly, you will make money, and your customer will be happy.   You're 
in London, right?  Call up some guys at NGS and see if they can help you.  There are some really good people there.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
