PaulDotCom mailing list archives
Vulnerability assessments and their cost
From: mvharley2 at gmail.com (MV)
Date: Wed, 6 May 2009 12:08:03 -0700
*Bidder Comparison Worksheet* *#* *Primary Bid Criterion* *Prospect Bid Weighting* *Ratings from Company Perspective * *Average Competitor Score* *Key Differentiator* *Goal score * *Vendor 1* *Vendor 2* *Vendor 3* *Vendor 4* 1 Price 10 H H M H H 28 Reasonable price & identified costs 2 Experience 8 H H H M L 18 Client references 3 Technical 7 H H H M M 18 Technical Competency 4 Staffing 7 H H H L M 16 Adequacy of staff, skills, & certifications 5 Reputation 4 H H H L L 8 Industry perception of company & mgmt 6 Financial 4 H M H M L 8 Financial strength & payroll assurance Dun & Bradstreet check? 7 Rules of Engagement 9 H H M H H 25 Complies within the Rules of Engagement 8 Methodology Match 6 M H M M M 14 Will work within a clearly defined Methodology 9 History with buyer 5 H H L L L 8 Length and quality of vendor relationship 10 11 12 13 14 15 * Total Average Weighted Score* *19* *20* *16* *14* *13* *16* ** Dark gray cells are calculated automatically. *Bidder Comparison Worksheet* * * *Primary Bid Criterion* *Costs * ** ** *Budget* *Vendor 1* *Vendor 2* *Vendor 3* *Vendor 4* ** ** Quoted costs ?? *$26,000* *$45,500* *$50,140* *$64,800* ** ** vs Low ?? $0 $19,500 $24,140 $38,800 includes expenses? ?? No No Yes Yes Expense amount included in the the quote ?? No No $5,000 $4,800 Here is a vendor comparision sheet from a MS template. The vendors are top tier. MV On Tue, May 5, 2009 at 2:10 PM, Jason Wood <tadaka at gmail.com> wrote:
I recently received some pricing on a web application vulnerability assessment from a large security service provider who shall remain nameless. This assessment basically consisted of using web application scanner, turning it loose, then performing some verification on the issues reported. No actual exploitation of the application would be done. The price was was fairly expensive. So I have some questions for the everyone. What seems to be the going rate for a: - Web application vulnerability assessment? - Network vulnerability assessment? - Wireless vulnerability assessment? I assume there is some disparity between the prices of a brand name security service provider and a smaller security company. Does anyone know what those differences in price would be? I'm trying to get some idea of what to expect as I contact different companies. I wouldn't mind knowing for any future private endeavors as well. :) Thanks for the help all. Jason _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090506/6e59074c/attachment.htm
Current thread:
- Vulnerability assessments and their cost Jason Wood (May 05)
- Message not available
- Vulnerability assessments and their cost Norm and Lucie Arendt (May 05)
- Message not available
- Vulnerability assessments and their cost Raffi Jamgotchian (May 05)
- Vulnerability assessments and their cost Jason Wood (May 05)
- Vulnerability assessments and their cost Jim Halfpenny (May 06)
- Vulnerability assessments and their cost Paul Asadoorian (May 07)
- Vulnerability assessments and their cost Jason Wood (May 07)
- Vulnerability assessments and their cost Nathan Sweaney (May 07)
- Vulnerability assessments and their cost Jason Wood (May 05)