|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Geoff Galitz (geoff
galitz.org)
Date: Sat Jul 18 2009 - 04:14:15 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> But why
> wouldn't a company that offers penetration testing services offer up
> any research that
> it did in the form of advisories? What is the point of doing that
> research if you never
> use it to help vendors help their customers fix risks?
>
Sometimes a firm hires experts for penetration testing on spec for internal
research. Some companies are being proactive about their security and
resolving their issues before their customers or third parties discover
them.
Those advisories are typically kept private for internal research.
-geoff
---------------------------------
Geoff Galitz
Blankenheim NRW, Germany
http://www.galitz.org/
http://german-way.com/blog/
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]