[Owasp-singapore] Vendor asking customers to be less secure

Wong Onn Chee ocwong at usa.net
Wed Mar 10 02:33:21 EST 2010


Just to follow up from my previous emails.

Since now _*ALL*_ of us know that this kind of risk can happen to us as
customers of any vendor's products, we, members of OWASP/SSMG, can no
longer claim ignorance about such risks.

After knowing this, how can we (assumed to be representing the customer
organisations) proactively protect ourselves and prevent such vendor
risks from occurring to us?

Just to pre-empt - the size of the vendor is irrelevant in avoiding such
risk, so answers such as "choose the biggest vendor" do not hold water. ;-)

Hope to hear from all of you!

Cheers
Onn Chee


On 03/10/2010 02:39 PM, Donald Ong wrote:
> Yes and No.
>
> It really depends on the impact. If the impact is that the critical
> products the company is using stop working after an upgrade and this
> affects the business, then the answer is "no" to the upgrade. Else,
> why not, since it is a patch over the previous version of Adobe Reader.
>
> I understand most of us are from the technical side, where our answer
> to upgrading to a new version is a yes. But it is important to think about
> the business impacts, because that is where your revenue comes from.
>
>
> Donald
>
> On Tue, Mar 9, 2010 at 11:13 AM, Wong Onn Chee <ocwong at usa.net> wrote:
>
>
>       Fiserv to Banks: Stay on Outdated Adobe Reader
>
>     http://www.databreaches.net/?p=10550
>
>
>     A poser to everyone out there.
>
>     What will you do when your vendor sends you this advisory?
>
>     I would like to conduct a poll of what your reactions will be.
>
>
>     Cheers
>     Onn Chee
>