[liberationtech] Recommend consultant to discuss pen test?

Tom O winterfilth at gmail.com
Fri Sep 6 13:13:20 PDT 2013


I wasn't going to post the Twitter stream relating to this. You can look it
up. Veracode was questioned and Chris responded rather quickly. Most were
fine with Veracode's response.

**disclaimer - I have no affiliation with Veracode and have not used their
services. I do know some members in their team though and have found them
to be very competent operators.

On Saturday, September 7, 2013, Maxim Kammerer wrote:

> On Fri, Sep 6, 2013 at 8:03 AM, Tom O <winterfilth at gmail.com> wrote:
> > Posting a news article without context or response from Veracode is weak.
>
> That was just a reminder for a topic that has already been discussed
> on this list. My main intention was to provide an example (in the form
> of a post similar to yours) for Jonathan Wilkes' remark wrt. affected
> reputation.
>
> > Chris Wysopal stated the static crypto checks were run to check if the
> > APIs were implemented correctly, not implementation of custom keygen.
>
> I am sure there are after-the-fact excuses. Since you didn't provide a
> reference, I assume that this specific excuse is not something worthy
> of attention. Veracode's report is here, if you are interested:
>
> https://blog.crypto.cat/wp-content/uploads/2013/02/Cryptocat_Attestation_Veracode_20130222_final.pdf
>
> Looking at the code is indeed not mentioned in the report, so it's all
> fine, I guess — just make sure something like that is in the next
> contract.
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte