Search Mailing List Archives
[liberationtech] Recommend consultant to discuss pen test?
winterfilth at gmail.com
Fri Sep 6 13:13:20 PDT 2013
I wasn't going to post the twitter stream relating to this. You can look it
up. Veracode was questioned and Chris responded rather quickly. Most were
fine with Veracodes response.
**disclaimer - I have no affiliation with Veracode and have not used their
services. I do know some members in their team though and have found them
to be very competent operators.
On Saturday, September 7, 2013, Maxim Kammerer wrote:
> > Posting a news article without context or response from Veracode is weak.
> That was just a reminder for a topic that has already been discussed
> on this list. My main intention was to provide an example (in the form
> of a post similar to yours) for Jonathan Wilkes' remark wrt. affected
> > Chris Wysopal stated the static crypto checks were run to check if the
> > were implemented correctly, not implementation of custom keygen.
> I am sure there are after-the-fact excuses. Since you didn't provide a
> reference, I assume that this specific excuse if not something worthy
> of attention. Veracode's report is here, if you are interested:
> Looking at the code is indeed not mentioned in the report, so it's all
> fine, I guess — just make sure something like that is in the next
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> Unsubscribe, change to digest, or change password by emailing moderator at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech