[Owasp-singapore] Vendor asking customers to be less secure

Rick Zhong rick.zhong at gmail.com
Wed Mar 10 04:40:01 EST 2010

Probably we can bring this to our next meet up session. This is a huge topic
and relating to end2end process of vendor engagement.

On 10 Mar 2010 15:33, "Wong Onn Chee" <ocwong at usa.net> wrote:

 Just to follow up from my previous emails.

Since now *ALL* of us know that this kind of risk can happen to us as a
customer of any vendor products, we, members of OWASP/SSMG, can no longer
claim ignorance about such risk.

After knowing this, how can we (assumed to be representing the customer
organisations) proactively protect ourselves and prevent such vendor risks
from occurring to us?

Just to pre-empt - the size of vendor is irrelevant in avoiding such risk,
so answers such as choose the biggest vendor does not hold water. ;-)

Hope to hear from all of you!

Onn Chee

On 03/10/2010 02:39 PM, Donald Ong wrote:

> Yes and No.
> It really depends on the impact. If the impact is the critical products
the com...

Owasp-singapore mailing list
Owasp-singapore at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/owasp-singapore/attachments/20100310/6bf941ed/attachment.html 

More information about the Owasp-singapore mailing list