Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Insurance
From: Howard518 () aol com
Date: Wed, 27 Nov 2002 17:52:43 -0500

Whilst the Company wants assessments and Penetration tests, It's down to the Supplier providing the Service of 
penetration testing to make sure that the client sees a Conformity Letter stating that whilst the Supplier is providing 
the penetrations tests the supplier will not be liable for any acts towards the systems they are pen - testing. The 
client must sign this as part of the proposal deal, if they don't it's down to the supplier if they want to proceed 
with the assessment knowing they could be liable. As we all know even when not attaching any testing equipment or even 
touching the infrastructure, the client will always point the finger at you when something goes wrong.

Big Blue when generating proposals make sure that the client signs a non disclosure and "get out of jail free letter" 
in case of problems such as penetration( Hacking) testing

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]