Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Recommend consultant to discuss pen test?

Tom O winterfilth at
Fri Sep 6 13:13:20 PDT 2013

I wasn't going to post the twitter stream relating to this. You can look it
up. Veracode was questioned and Chris responded rather quickly. Most were
fine with Veracodes response.

**disclaimer - I have no affiliation with Veracode and have not used their
services. I do know some members in their team though and have found them
to be very competent operators.

On Saturday, September 7, 2013, Maxim Kammerer wrote:

> On Fri, Sep 6, 2013 at 8:03 AM, Tom O <winterfilth at<javascript:;>>
> wrote:
> > Posting a news article without context or response from Veracode is weak.
> That was just a reminder for a topic that has already been discussed
> on this list. My main intention was to provide an example (in the form
> of a post similar to yours) for Jonathan Wilkes' remark wrt. affected
> reputation.
> > Chris Wysopal stated the static crypto checks were run to check if the
> API's
> > were implemented correctly, not implementation of custom keygen.
> I am sure there are after-the-fact excuses. Since you didn't provide a
> reference, I assume that this specific excuse if not something worthy
> of attention. Veracode's report is here, if you are interested:
> Looking at the code is indeed not mentioned in the report, so it's all
> fine, I guess — just make sure something like that is in the next
> contract.
> --
> Maxim Kammerer
> Liberté Linux:
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at <javascript:;>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list