
Penetration Testing mailing list archives
Re: [PEN-TEST] Ethics Scenario
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Mon, 2 Oct 2000 14:57:15 -0500
I would personally call it chasing ambulances. Personally, I subscribe to about a dozen lists... including Attrition.org's Defaced Web Sites list. Every so often, someone local shows up. It Does take a lot to restrain the hand-of-death (tm) from picking up the phone and calling them. If you see that they are vulnerable from some other method... as in, you decided to "just see" if they were vulnerable... You might (very politely) offer your services. Better yet... Give the info to one of your sales people as a "Cold Call" lead: Don't tell the sales guy that this person's vulnerable... Most of the sales people I've seen can do a fine enough job of convincing someone that they "need" the service. If that doesn't open their mind to thinking about possible threats, nothing will. -----Original Message----- From: Christopher M. Bergeron [mailto:ChrisB () HGSS COM] Sent: Monday, October 02, 2000 12:44 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Ethics Scenario Here's a scenario that I'd like to get peoples' input on: A) Our company does pen-tests, security auditing etc... B) Our team finds a vulnerability/hole on a website just by poking around / using the site. The question is this: Do we tell the website company who we are and that we have discovered a vulnerability and then offer to provide them assistance with the vulnerability (for pay of course). i.e. offering them a full pen-test or an IDS or something...? Or does this tend to fall into the "chasing ambulances" type of business marketing strategy?
Current thread:
- [PEN-TEST] Ethics Scenario Christopher M. Bergeron (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Edward Mitchell (Oct 02)
- Re: [PEN-TEST] Ethics Scenario SM (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Erik Tayler (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Erik Tayler (Oct 02)
- <Possible follow-ups>
- Re: [PEN-TEST] Ethics Scenario Dunker, Noah (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Steve (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Tonick, Mike (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Gallicchio, Florindo (2282) (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Darryl Rathbun (Oct 02)
- Re: [PEN-TEST] Ethics Scenario Spy Fox (Oct 02)