RFP said: +I work for a company that was in business before I ever published anything +as RFP. I've been there for years now. I stand corrected. Read in an e-zine that you are a "security consultant". Assumed it was your own company. +I sit around an absorb myself in various security related challenges. In +the end, I have tools, research and information which I choose to share, +to promote further research. So do we. We just also want to make a living doing it. We don't rape the industry - we contribute where we can. +If I was truly a sell-out, why the hell would I release my tools and +research to the world? It would be worth more to me as exclusive +proprietary intellectual property used as a service to paying customers. RFP, the way I see this business is like this. You do your job, try to do it better that the dude next door, build cutting edge technology, release it to the public (as its stupid to think that no-one else will get it anyhow) and use it to get your company name out there, while you contributing to the industry as a whole. Does that mean selling out? I hope not. As soon as you keep stuff to yourself (in terms of pen-testing etc.) you are not acting in the spirit of the 'net...not so? +Unfortunately, the world doesn't always work how everyone expects it to. +And in the end, why should people sacrifice their lives and free time just +to continuously pump 0day research into an industry where, if they don't +profit from it, everyone else will? Hell, sensepost.com is a security +services company...are you saying that *every* tool you use is 100% +developed by an employee of sensepost? No for sure not. It was kinda my point that people release tools and those tools are used by people in the industry. We get the money - while other people spend time writing them - I do understand the frustration. As I mentioned before - the challenge is to make money, write some code and keep your brain in shape at the same time. Sensepost also writes tools - and we publish those - we think that we are contributing to the rest of the industry. +So I've sold out because I share my research with others, but +sensepost.com can take tools like nmap et al and use them to make a profit +as a security service, and that's ok? Immm..I don't get the "sold out" part. I am not saying that making a profit using other people's tools is wrong. Is it? Don't we all contribute to share tools - to make it easier for others to do their job better? Sensepost release all tools that we use, and those we have build for our own use - to share with others. Give and take... It could be that you misunderstood my previous email. Anyhow... Regards, Roelof. ------------------------------------------------------ Roelof W Temmingh SensePost IT security roelofat_private +27 83 448 6996 http://www.sensepost.com http://www.hackrack.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 12:58:32 PDT