
Re: [Full-disclosure] [SCADASEC] 11. Re: SCADA Security - Software fee's

On Mon, Feb 23, 2009 at 10:26 AM, Michael Krymson <krymson@xxxxxxxxx> wrote:
>
>
> On Mon, Feb 23, 2009 at 8:57 AM, Smoking Gun <pentesterkunt@xxxxxxxxx>
> wrote:
>>
> Blah blah gross personal speculation blah...
>
> At any rate, if CEO Cloe decides to hire a pen-tester for $1,000 and gets
> back a scan with some dumpy reports on it (sorry, it's not a SmokingGun
> report that shakes the ground and makes angels weep), where is the real
> breakdown here? Did she not get something in return? Was she underpaying and
> thus getting Crazy Eddie crap? Was her expectation skewed? Or maybe is her
> resultant declaration that her company is fully secure after that scan
> ludicrous?

The real breakdown here comes from Cloe soliciting the services of someone
who is labeling themselves an expert. This whole "Walmart" style penetration
tester in a box theme being promoted by underclued individuals and marketed
to the industry is devaluing the work many have worked hard to perfect. Many
have given countless hours, code, write-ups, seminars, you name it. There is
nothing wrong with making a euro, dollar or baht, don't mistake this, but when
there are mission critical applications and institutions at hand, that buck
should take a backseat to the security of lives - or did you miss the subject
portion of SCADA Security?

-- 
Making no mistakes is what establishes the certainty of victory, for
it means conquering an enemy that is already defeated. - Sun Tzu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/