Software security firms should stop selling public reports.
Replying to @alexsotirov
A document intended for public consumption whose content is negotiated with the client.
Replying to @alexsotirov
A couple reasons. Gives weird impressions to the public about what assessments mean. Creates a conflict of interest. Generally icky.
Replying to @tqbf @alexsotirov
I would rather firms just allow clients to publish their actual, real deliverables.
Replying to @tqbf
Wait, are security firms disallowing clients from publishing their reports? I didn't even know that was an option.
Replying to @alexsotirov
I don’t know, I think it may be covered by MNDA, but also I think clients want a say in the report the public will see.
Replying to @tqbf
Clients can decide to not publish a report after seeing the findings, but we've never been asked to change or hide them, and would not do it.
I would actually be so happy to see our reports published on our most interesting gigs that we can never speak of :(