PaulDotCom mailing list archives

Vulnerability assessments and their cost


From: mvharley2 at gmail.com (MV)
Date: Wed, 6 May 2009 12:08:03 -0700

*Bidder Comparison Worksheet*

Ratings from Company Perspective are the Goal score and Vendor 1-4 columns.

| #  | Primary Bid Criterion | Prospect Bid Weighting | Goal score | Vendor 1 | Vendor 2 | Vendor 3 | Vendor 4 | Average Competitor Score | Key Differentiator |
|----|-----------------------|------------------------|------------|----------|----------|----------|----------|--------------------------|--------------------|
| 1  | Price                 | 10                     | H          | H        | M        | H        | H        | 28                       | Reasonable price & identified costs |
| 2  | Experience            | 8                      | H          | H        | H        | M        | L        | 18                       | Client references |
| 3  | Technical             | 7                      | H          | H        | H        | M        | M        | 18                       | Technical Competency |
| 4  | Staffing              | 7                      | H          | H        | H        | L        | M        | 16                       | Adequacy of staff, skills, & certifications |
| 5  | Reputation            | 4                      | H          | H        | H        | L        | L        | 8                        | Industry perception of company & mgmt |
| 6  | Financial             | 4                      | H          | M        | H        | M        | L        | 8                        | Financial strength & payroll assurance. Dun & Bradstreet check? |
| 7  | Rules of Engagement   | 9                      | H          | H        | M        | H        | H        | 25                       | Complies within the Rules of Engagement |
| 8  | Methodology Match     | 6                      | M          | H        | M        | M        | M        | 14                       | Will work within a clearly defined Methodology |
| 9  | History with buyer    | 5                      | H          | H        | L        | L        | L        | 8                        | Length and quality of vendor relationship |
| 10-15 | (blank)            |                        |            |          |          |          |          |                          |                    |
|    | *Total Average Weighted Score* |               | *19*       | *20*     | *16*     | *14*     | *13*     | *16*                     |                    |

Dark gray cells are calculated automatically.

*Bidder Comparison Worksheet* (Costs)

| Primary Bid Criterion                | Budget | Vendor 1  | Vendor 2  | Vendor 3  | Vendor 4  |
|--------------------------------------|--------|-----------|-----------|-----------|-----------|
| Quoted costs                         | ??     | *$26,000* | *$45,500* | *$50,140* | *$64,800* |
| vs Low                               | ??     | $0        | $19,500   | $24,140   | $38,800   |
| includes expenses?                   | ??     | No        | No        | Yes       | Yes       |
| Expense amount included in the quote | ??     | No        | No        | $5,000    | $4,800    |

Here is a vendor comparison sheet from a MS template.

The vendors are top tier.

MV


On Tue, May 5, 2009 at 2:10 PM, Jason Wood <tadaka at gmail.com> wrote:

I recently received some pricing on a web application vulnerability
assessment from a large security service provider who shall remain
nameless.  This assessment basically consisted of using a web application
scanner, turning it loose, then performing some verification on the issues
reported.  No actual exploitation of the application would be done.  The
price was fairly expensive.  So I have some questions for everyone.

What seems to be the going rate for a:

- Web application vulnerability assessment?
- Network vulnerability assessment?
- Wireless vulnerability assessment?

I assume there is some disparity between the prices of a brand name
security service provider and a smaller security company.  Does anyone know
what those differences in price would be?

I'm trying to get some idea of what to expect as I contact different
companies.  I wouldn't mind knowing for any future private endeavors as
well.  :)

Thanks for the help all.

Jason
