[AusNOG] Something else to be worried about

Barry Raveendran Greene bgreene at senki.org
Mon Jun 26 13:24:10 EST 2017


> On Jun 26, 2017, at 7:26 AM, Matthew Smee <matthew.smee at sydney.edu.au> wrote:
> 
> I believe the point of the article was that we have intelligence agencies hoarding critical-level 0day exploits and the consequences of this go beyond some enterprise losing productivity for a while - instead we're talking about planned or incidental attacks that can also affect infrastructure and hospital networks. There are consequences of the existence of these, especially when they're leaked to the world.

This is not new. State Level Threat Actors will not give away their z-day discoveries. That is why it is:

1. Critical for Vendors to have aggressive programs to seek out security vulnerabilities on their products.

2. Operators, Enterprises, and Cloud Operators to have aggressive programs to seek out security vulnerabilities on their systems.

How many people on this list have pulled in their major vendors for a day of a security conversation? Here are two lists of questions to ask your vendors when they come for a visit:

Questions to ask vendors to gauge their commitment to “secure products”
http://www.senki.org/questions-ask-vendors-gauge-commitment-secure-products/

Demand Security from your Vendors
http://www.senki.org/demand-security-vendors/

Does this work? Yes! Being on the other side (vendor side), customers who start asking security vulnerability, SDL, and other questions have an impact. These ‘conversations’ become the “justification” to fund these activities. They get defunded if customers do not push.

Barry

