Full Disclosure mailing list archives

Re: [SCADASEC] 11. Re: SCADA Security - Software fee's


From: Valdis.Kletnieks () vt edu
Date: Sat, 21 Feb 2009 21:30:01 -0500

On Fri, 20 Feb 2009 09:24:29 EST, Smoking Gun said:

> Ironically, your own quote"company"quote offered penetration testing
> services at the insane pricing scheme of "we'll pentest0r joo for free
> and if we find something you can pay us to find other holes!".

And how, exactly, is that an "insane" pricing scheme?  If you think about
it for a bit, it actually makes quite a bit of sense - Snosoft needs to prove
they're in fact good enough to be able to find the holes you're paying them
to find, or it doesn't cost anything.

That *sure* as hell beats paying $100K for a pen test, and then finding out
that you hired a bunch of asswipes who can't find holes.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
