Re: Do security companies really care about security.
-
Do security companies really care about security.
I wanted to discuss a point of frustration I have had in the last couple of months. Part of my job is to evaluate new security technologies for my company. I won't mention names, but do these companies really care about security? Let me give you some examples: One company offers a vulnerability scanner, but their password… -
Re: Do security companies really care about security.
Of course they don't. Any company cares about money (i.e. business) first and everything else is an afterthought. Apparently their business goes well so far even without these security controls. Why would they care to implement them? Actually recently I hosted a security meetup where I proved with numbers that Target Corp… -
Re: Do security companies really care about security.
I'm curious, who did they get to agree to do a one hour pen test? I wouldn't think any reputable Pen tester would agree to perform it. There's no money in it and if/when the company gets hacked, do they really want their names associated with this "penetration" test? Like the company wouldn't hesitate to say that we thought… -
Re: Do security companies really care about security.
-
Re: Do security companies really care about security.
A company I worked for in the past provided a one hour external pen test. Enough said about companies caring about security. It was just enough in some cases to pass and companies took advantage of it. What can you really test in one hour of a network that you have no idea about? You just start running random attacks as… -
Re: Do security companies really care about security.
Maybe they have a bug bounty program you can take advantage of. If so, don your white hat and do a proof of concept hack in your lab, and make some side money while providing a valuable service. Or, you could just tell them their platform has security vulnerabilities and for that reason their bid has been eliminated from… -
Re: Do security companies really care about security.
The issue is a difference between departments. Sales staff will straight lie about the capabilities of a product or overstate it to make a sale. Dev staff are subject to the same requirements as other companies, get a product ready for release. Now usually there is a corps of individuals within the company who do care… -
Re: Do security companies really care about security.
I know of a hosting provider which provides service offerings to take most of the load off their customers to be compliant for various industry standards and regulations. And yet, the systems they maintain and monitor clearly should fail audits based on configuration alone. And it's not possible to truly "trust but verify"…
9 results