Christopher William Klaus <cklaus@shadow.net> <iss@shadow.net> writes: >All kidding aside, how much will a company pay to be broken into? Has >anyone here hired a tiger team and did they find the investment worth it? > being able to break into machines does not always mean the breaker is capable of understanding the proper ways of securing machines. We do commonly take the tiger-team approach every so often when we can find someone who is trustworthy :-) As long as we can be sure the person/group is going to tell _all_ that they found..... then we are interested in paying/contracting ect.. We don't want to pay someone to bang on the doors and then tell us 1/2 of our bugs and then tell the cracker comunity the other half :-) :-( :-(.... The half we get is commonly the half we already know e.g. not worth our time/money. Its a matter of integrity, a trait that is not commonly associated with crackers too often :-\. Too bad _some_ of them show some real promise. trust is something to be earned not assumed. ======================================================================= Brad Powell : brad.powell@Sun.COM | | Full Time: Sr. Network Security Analyst |Part time: Cyberspace PI ENS Network Security Group | and Consultant Sun Microsystems Inc. | ======================================================================= The views expressed are those of the author and may not reflect the views of Sun Microsystems Inc. =======================================================================