Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] WebEx security?
From: Bennett Todd <bet () RAHUL NET>
Date: Tue, 31 Oct 2000 15:02:09 -0500

2000-10-31-12:53:14 Alfred Huger:
I would have to disagree with the notion that weak network
security on their site relates to an insecure product.

Sounds like you have some different experiences from me.

The IT folks are without doubt not the same people who are writing
the application in question.

Certainly, but...

I can think of a number of vendors who have excellent products in
terms of security and terrible network security....

I've never met a single one, and have trouble picturing how it can
happen. I've seen plenty of vendors with decent in-house security
that ship product with lousy security; that happens whenever the
folks making the sales and marketing decisions don't understand the
need for security; far too few customers will demand it to create
good pressure from their side, it has to come from the sales staff.

But in what sort of shop would designers and sales staff who
understand and care about appropriate security ignore the fact that
their own systems don't have it, or be ignored when they report
that to management?

Bad IT people do not add up to a bad product.

In my experience good IT people maintaining a good secure vendor
site are a necessary but not sufficient condition to see good
product coming from that vendor. And so I've invariably found that
bad IT people do indeed invariably go with bad product.


Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]