[Owasp-singapore] Vendor asking customers to be less secure
rick.zhong at gmail.com
Wed Mar 10 04:40:01 EST 2010
Probably we can bring this to our next meet up session. This is a huge topic
and relating to end2end process of vendor engagement.
On 10 Mar 2010 15:33, "Wong Onn Chee" <ocwong at usa.net> wrote:
Just to follow up from my previous emails.
Since now *ALL* of us know that this kind of risk can happen to us as a
customer of any vendor products, we, members of OWASP/SSMG, can no longer
claim ignorance about such risk.
After knowing this, how can we (assumed to be representing the customer
organisations) proactively protect ourselves and prevent such vendor risks
from occurring to us?
Just to pre-empt - the size of vendor is irrelevant in avoiding such risk,
so answers such as choose the biggest vendor does not hold water. ;-)
Hope to hear from all of you!
On 03/10/2010 02:39 PM, Donald Ong wrote:
> Yes and No.
> It really depends on the impact. If the impact is the critical products
Owasp-singapore mailing list
Owasp-singapore at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-singapore