Re: How to go about looking for a pen-tester

From: R. DuFresne (dufresneat_private)
Date: Sun Jun 03 2001 - 21:20:47 PDT


    On Sun, 3 Jun 2001, Etaoin Shrdlu wrote:
    
    > hellNbak wrote:
    > 
    
    	[SNIP]
    
    > 
    > Sure, but references are not always possible. Many penetration tests
    > will be covered by non-disclosure agreements. Companies are risk-averse,
    > as they should be, and this particular area is seen as one that does not
    > lend itself to the next big marketing campaign. I can see it now:
    > "BigCompany announces successful penetration testing by Ernst and Young.
    > Only five compromised machines this time!"
    > 
    
    I do not think "references" has to be taken in this context.  A company
    can affirm their dealings with another without divulging too much
    secured information in the process.  Just because I acknowledge I hired a
    firm to test my systems does not have to in any way imply weakness was
    discovered.  So, references should be possible for anything but a startup
    firm and then even in that case, references of partners' or consultants'
    prior work experience in the field might well and should be able to be
    presented, yes?
    
    Thanks,
    
    Ron DuFresne
    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior consultant:  darkstar.sysinfo.com
                      http://darkstar.sysinfo.com
    
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    
    testing, only testing, and damn good at it too!
    



    This archive was generated by hypermail 2b30 : Sun Jun 03 2001 - 23:16:05 PDT