service version disclosure

Digimer linux at alteeve.com
Sat Jan 7 06:52:58 UTC 2012


On 01/07/2012 01:02 AM, Reindl Harald wrote:
> Am 07.01.2012 06:35, schrieb Digimer:
>>> if you have a big customer which hires a 3rd party auditor
>>> you are NOT in the poisiton to give such arguments or
>>> you can give them but you can not change ANYTHING in
>>> the fact that finally "fix it or shutdown the service"
>>> is what you have to do
>>
>> If you have a "security expert" who can't grasp the concept of
>> back-ported bug fixes, and is unwilling to test for specific
>> vulnerabilities' existence, it's time to get a new expert.
> 
> you are missing the point A BIG CUSTOMER has a security-expert

No, I'm not missing the point. You're asking for a wholesale change in
how a program works so that you can have an easier time with an
uneducated customer. Your job, as a consultant or IT support is not make
sure that your solution is safe. Making you customer feel comfortable
without actually given them security is a bad idea.

-- 
Digimer
E-Mail:              digimer at alteeve.com
Freenode handle:     digimer
Papers and Projects: http://alteeve.com
Node Assassin:       http://nodeassassin.org
"omg my singularity battery is dead again.
stupid hawking radiation." - epitron


More information about the devel mailing list