32 Security De-engineering
in the industry and is a matter for a later chapter in this book (please
see “e Tip of the Iceberg—Audit-Driven Security Strategy” in
Chapter 4).
e meeting in Taipei was the rst such meeting with clients that
I could remember in more than two years. One of my Hacker col-
leagues and I, together with our line manager, tried to fumble our
way through the misdirected questions from the client. Suddenly the
client was under a strict mandate to actually address the problems
raised in our report. To that point in time, they did not feel compelled
to pay attention to a complicated 200-page report.
As an example of one of the ndings from our report, Oracle’s
database management server has a service that listens for ...