Full Disclosure mailing list archives

Re: [Professional IT Security Reviewers - Exposed] SecReview ( F - )


From: "Mike Vasquez" <mike.vasquez () gmail com>
Date: Thu, 20 Dec 2007 16:16:46 -0700

What I really want to know, is if a past customer (err - reader?) of sec
review surfaces with a negative opinion of them, will you adjust your grade
accordingly?



On Dec 20, 2007 1:20 PM, Sec Review Sucks <secreview.exposed () gmail com>
wrote:

This rating is based entirely off my personal feelings after reading
several of the emails you've sent out to the Full Disclosure list.  I bring
up the following as my reasoning:

1.) What are your qualifications for reviewing these companies?
2.) Your criteria for review are clearly flawed.  Reviewing marketing
material, websites, etc. is just ridiculous.  Typically these are not
created by the security team itself, but instead the marketing department
for a company.  You only just mentioned that you started reviewing sample
reports, and that not all companies are willing to provide these.  How could
you possibly review a company WITHOUT a sample report at the minimum?
3.) What is your scoring system?  Do you even have one?
4.) If company A does not submit themselves for review, and therefore will
not provide you with the information you need to review them, do they get a
lower score?

In any case, a consulting company provides far more than simply a
marketing site and sample deliverables.  Unless you can survey a company's
customers, I don't see how you could ever make a reasonably accurate
assumption.  Therefore, I rate SecReview as an F-.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
