[Owasp-singapore] Vendor asking customers to be less secure

Wong Onn Chee ocwong at usa.net
Wed Mar 10 02:21:18 EST 2010


Hi Donald,

Thanks for your insight.

My point is not about the customers who use Fiserv.

Instead, my point is about what Fiserv is doing to their customers.

Of course, if I am using Fiserv products and they void any support for
Adobe Reader 9, then I won't be upgrading to Adobe Reader 9. Running
unsupported applications is also another risk.

The question we need to ask is how can customers ensure they do not get
penalised by the vendors' incompetency or insecurity.

I also work in a vendor organisation, but to be fair, I have to view
this from a customer's point of view.

So my poser is how you, as a customer, handle this advisory and even
prevent such risk from ever happening to you.

Cheers
Onn Chee

On 03/10/2010 02:39 PM, Donald Ong wrote:
> Yes and No.
>
> It really depends on the impact. If the impact is the critical
> products the company is using is not working after an upgrade and
> affects the business, then the answer is "no" to the upgrade. Else,
> why not since it is a patch over the previous version of adobe reader.
>
> Understand most of us are from the technical sides, where our answers
> for upgrade to new version is a yes. But it is important to think on
> the business impacts, because that is where your revenue comes from.
>
>
> Donald
>
> On Tue, Mar 9, 2010 at 11:13 AM, Wong Onn Chee <ocwong at usa.net
> <mailto:ocwong at usa.net>> wrote:
>
>
>       Fiserv to Banks: Stay on Outdated Adobe Reader
>
>     http://www.databreaches.net/?p=10550
>
>
>     A poser to everyone out there.
>
>     What will you do when your vendor sends you this advisory?
>
>     I will like to conduct a poll of what your reactions will be.
>
>
>     Cheers
>     Onn Chee
>
>     _______________________________________________
>     Owasp-singapore mailing list
>     Owasp-singapore at lists.owasp.org
>     <mailto:Owasp-singapore at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-singapore
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/owasp-singapore/attachments/20100310/bce9a6e0/attachment-0001.html 


More information about the Owasp-singapore mailing list