Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Windows' future (reprise)
From: "lsi" <stuart () cyberdelix net>
Date: Mon, 17 May 2010 20:59:54 +0100

On 17 May 2010 at 18:08, Thor (Hammer of God) wrote:

Is my business at risk, if I
say the wrong thing, and my customers go out of business because
their hardware/software combination is no longer viable?

In business, you are always exposed to some level of risk when you
charge for professional services.  That's why you carry various
business insurance

No, I'm not worried about being sued, I'm worried about my revenue 
streams disappearing.

However, when you make public posts to a mailing list that is
replicated worldwide about how you are consulting for a business that
purchased a $24,000 .net application (or whatever it was) but then go
on to say how you know absolutely nothing about .net, I do think you
are opening yourself up for legal action

Not at all - my customer is fully aware that I know nothing about 
their software.  They got sick of me giving them my disclaimer.  They 
are happy for me to work on it because otherwise, they need to pay a 
large amount in annual support fees, to the company who wrote the 

However, I don't trust myself to set up a secure unix installation;
certainly not to a point that I would provide professional services
and bill clients for.  If I were to do that, I would (and should) be
held liable for damages arising out errors I am responsible for. 

Small print is always good.  Also, some systems need to be more 
secure than others.  For public servers, I outsource to another 

The "right" thing to do here, from a business and ethics standpoint,
is to subcontract a .net professional who can represent you properly. 

I am pushing my customer to re-sign the service contract with the 
developers of the product.  They don't want to spend the money.  
There's politics too - the guy who made the purchasing decision 
doesn't want to admit it was a mistake, so he is pretending there are 
no problems with the software, and therefore there is no need to pay 
for the service contract (or so goes his logic).

It'd make an excellent case study for someone...

The job will get done properly, you will make money, and your customer
will be happy.   You're in London, right?  Call up some guys at NGS
and see if they can help you.  There are some really good people

Thanks.  I don't have access to the source, however, so I doubt 
there's anything that can be done.  This app, even the error messages 
are encrypted!  (is that some .NET wheeze? lovely....)  So it can be 
quite touch and go. But it still costs them less than their annual 
support contract would.


Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

 * Origin: lsi: revolution through evolution (192:168/0.2)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]