Re: Wanted: hackers for tiger team (new england area)
Brad Powell (Brad.Powell@EBay.Sun.COM)
Mon, 3 Oct 94 09:11:52 PDT
Christopher William Klaus <cklaus@shadow.net> <iss@shadow.net>
writes:
>All kidding aside, how much will a company pay to be broken into? Has
>anyone here hired a tiger team and did they find the investment worth it?
>
being able to break into machines does not always mean the breaker is
capable of understanding the proper ways of securing machines.
We do commonly take the tiger-team approach every so often when we
can find someone who is trustworthy :-)
As long as we can be sure the person/group is going to tell _all_
that they found..... then we are interested in paying/contracting ect..
We don't want to pay someone to bang on the doors and then tell us 1/2
of our bugs and then tell the cracker comunity the other half :-) :-(
:-(.... The half we get is commonly the half we already know e.g. not
worth our time/money.
Its a matter of integrity, a trait that is not commonly associated with
crackers too often :-\. Too bad _some_ of them show some real promise.
trust is something to be earned not assumed.
=======================================================================
Brad Powell : brad.powell@Sun.COM |
|
Full Time: Sr. Network Security Analyst |Part time: Cyberspace PI
ENS Network Security Group | and Consultant
Sun Microsystems Inc. |
=======================================================================
The views expressed are those of the author and may
not reflect the views of Sun Microsystems Inc.
=======================================================================