Reindl Harald writes:
On 07.01.2012 06:35, Digimer wrote:
>> if you have a big customer which hires a 3rd party auditor
>> you are NOT in the position to give such arguments or
>> you can give them but you can not change ANYTHING in
>> the fact that finally "fix it or shutdown the service"
>> is what you have to do
>
> If you have a "security expert" who can't grasp the concept of
> back-ported bug fixes, and is unwilling to test for specific
> vulnerabilities' existence, it's time to get a new expert.

you are missing the point A BIG CUSTOMER has a security-expert

Tell your customer to ask for their money back. Offer to set up a test server that their fustercluck of a scanner will claim to be vulnerable, yet is not.
Or, better yet, tell your customer that you'll be happy to set up a server that'll pass their nonsense of a scan, yet is vulnerable to some old exploit.
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel