[Full-Disclosure] openssl exploit code (e-secure-it owned)
andrew at generator.co.za
Wed Sep 18 16:05:33 BST 2002
A few comments I believe are in order.
Firstly, Erik has a point with regards to securing your own boxes. If
they're not secured tightly, why should a company trust information
proporting to come from you?
Secondly, I had a look at the business proposition that Arjen's group is now
following. I though it was a valuable service and I still believe it is a
Time=money, and perhaps you might be willing to take on an admin job that
requires +-8 hours a day, plus spend an additional 2-3 hours a day keeping
up with mailing lists in your own time, but not all are.
Or maybe you'd be willing to pay for another admin to work half-day to keep
up with the lists. Again, I wouldn't. I'd rather split the costs with
several other companies and keep my admin up to date with information
relevant to our internal architecture. I don't want to pay for my staff to
spend hours a day staying current with vulnerability information on
AIX/HPUX/Linux, when we're running a FreeBSD/Solaris shop.
Or what am I missing here?
Full-Disclosure is hosted and sponsored by Secunia.