Hello, Julian. You wrote on September 12, 2013, 18:49:05:

JE> Pretty much all they've proved to me is that they have no idea of what
JE> they are talking about.
JE> You need to ask them for a better description of the problem as so far
JE> all you've seen is about a hundred computer science professionals
JE> rolling around on the floor laughing when you showed them the
JE> paragraph from the report..
JE> and you can quote me on that one.

In my experience, "Security audit" people, who could, for example, do a PCI/DSS audit, are like this. So, yes, it is their level of competence, but you cannot get around them if you want official PCI/DSS certification, for example.

Did you see this epic thread on stackoverflow (or its devops/sysops counterpart) about a "log file with every login of each user with password in clear text," for example?

-- 
// Black Lion AKA Lev Serebryakov <l...@freebsd.org>

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"