How does any organization have productive and meaningful security conversations? This guide offers a simple structure for those conversations, which help the organization determine the real security risk from its vendors. This is an updated version of a set of questions Operators (and vendors) can use to have these meaningful conversations. With
Tag: Vulnerability Response
Huawei’s Customers Share Accountability
Vendors have a responsibility to deliver products to the best of their “security” capacity. At the same time, the vendor’s customers have a responsibility to push for security accountability. Huawei’s Customers share accountability for the lack of security capabilities and capacity. Huawei responds to the DEFCON presentation …. “We are aware of the media reports
Is the “Full Disclosure” vs “Non-Disclosure” Debate Dead? NOT
I was watching Matthew Watchinski walk through the events and activities behind our Adobe vulnerability this past Feb (see US CERT’s “Adobe Acrobat and Reader Vulnerability TA09-051A”). What struck me about Matt’s talk is a statement he made near the end: “… Full Disclosure vs Non-Disclosure debate is dead. I learned this because my E-mail