RE: Microsoft Security (...how to reassure customers of)
From: Gary Rollie (garyr_at_pria.net)
Date: 01/22/04
- Previous message: Paul Navarre: "RE: Microsoft Security (...how to reassure customers of)"
- In reply to: Shane Colley: "Microsoft Security (...how to reassure customers of)"
- Next in thread: ajq_at_comcast.net: "RE: Microsoft Security (...how to reassure customers of)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Shane Colley'" <shane@sonatalabs.com>, <focus-ms@securityfocus.com> Date: Thu, 22 Jan 2004 14:23:35 -0500
Well unfortunately it is a very good sales tactic .. Your only real
argument here is to let your potential customers know that there are
just as many security exploits on Unix boxes .. And assure the customer
that you design and develop with a security focus.
{insert something here about how many incidents your customers have had
due to your application development.} You could also inform them that
you recommend a secure architecture. AS you believe a layered security
approach is the most effective .. Etc etc .. IE Routers with Access
lists, IDS/IPS systems to Stop more suspect traffic, Firewalls with
inspection on Port 80 to ensure that only "Good" traffic is reaching
your web site .. And your application handles it's own security.
Instead of relying on the platform to be secure you build an
architecture that makes anything in it secure .. Obviously Firewalls and
IDS systems are on the back end of the architecture and development
isn't done on production "locked down" boxes ..
The other tactic here is to try and play up the limited number of people
that can develop .. Be careful with this one cause it is more a
marketing position. If played correctly and they are a small competitor
it should help eliminate some of the FUD (Fear, Uncertainty and Doubt)
that your competitor is creating.
Hope it helps
Just my two cents
NiteRaven
-----Original Message-----
From: Shane Colley [mailto:shane@sonatalabs.com]
Sent: Thursday, January 22, 2004 11:58 AM
To: focus-ms@securityfocus.com
Subject: Microsoft Security (...how to reassure customers of)
My company focuses on web design (portal/CMS) for small/midsize
companies and non profit orgs. We generally design with ASP.NET/WIN
2003 Server/MS SQL Server.
We have recently run into a problem with a local competitor. The
competitor generally designs flash and php sites hosted on Apache/Linux.
The competitor is apparently going to our customers and potential
customers and trying to scare them off by bashing Microsoft/IIS.
Security Holes in improperly configured MS systems are no secret... so
people already have this idea in their head /before/ this competitor
gets to them.
It's like the competitor is playing off of the customers fear... and
once they are afraid, it appears the burden of proof lies on us.
I'm looking for suggestions and/or resources on how to counter this. If
you or any of your companies have run into similar situations, I'd love
to hear how you handled it.
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Paul Navarre: "RE: Microsoft Security (...how to reassure customers of)"
- In reply to: Shane Colley: "Microsoft Security (...how to reassure customers of)"
- Next in thread: ajq_at_comcast.net: "RE: Microsoft Security (...how to reassure customers of)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
