Comments inline... ----- Original Message ----- From: "hellNbak" <[EMAIL PROTECTED]> To: "Andrew Thomas" <[EMAIL PROTECTED]> Cc: "Erik Parker" <[EMAIL PROTECTED]>; "Arjen De Landgraaf" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, September 18, 2002 5:32 PM Subject: Re: [Full-Disclosure] openssl exploit code (e-secure-it owned)
> > Or maybe you'd be willing to pay for another admin to work half-day to keep > > up with the lists. Again, I wouldn't. I'd rather split the costs with ... > Some companies do exactly this. It depends on your organization size and > security budget. If the "service" is going to cost you an arm and a leg > to implement and use is it not worth it to hire a junior security resource > instead? Definitely. Agreed on all costs. My example being from an historical situation that I found myself in, with a bit of poetic licence to make the point of the devils advocate. > > Or what am I missing here? > > There are free alternatives to giving these guys your money. I definitely missed that :) Would you care to give me pointers to these services? Regards, Andrew _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
