How does any organization have a productive and meaningful security conversation? This guide offers a simple and meaningful security conversation guide. These conversations would help the organization determine the real security risk from their vendors. This is an updated version of a set of questions Operators (and vendors) can use to have these meaningful conversations.
What security questions are you asking your vendors? The Bloomberg article, “How Russian Hackers Stole the Nasdaq,” is a sobering insight into today’s risk. It should be a wake-up call for all organizations in all parts of the world to understand that even the best security teams are facing an overwhelming threat. The focused expertise used by
Vendors have a responsibility to deliver products to the best of their “security” capacity. At the same time the vendor’s customer have a responsibility to push for security accountability. Huawei’s Customers share accountability for the lack of security capabilities and capacity. Huawei responds to the DEFCON presentation …. “We are aware of the media reports
The Facts: Two researchers from Recurity Labs – Felix Lindner (also known as “FX”) and Gregor Kopf – presented a talk at DEFCON titled: Hacking [Redacted] Routers. (see https://www.defcon.org/html/defcon-20/dc-20-speakers.html#FX). Their work examined the Huawei AR18 and AR28 routers. Exploitable vulnerabilities were discovered. Questions to the quality of the code were raised. A general concern in