Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Professional IT Security Reviewers - Exposed] SecReview ( F - )

From: "Kurt Dillard" <kurtdillard () msn com>
Date: Thu, 20 Dec 2007 21:08:03 -0300
No, go read Secreview's responses to negative comments on his amusing blog.
He won't change a review based on an opposing opinion. The emails, blog, and
his small cadre of fans  remind me of Steve Gibson lol. He has nothing on
the blog to suggest he has any qualifications. When asked what his scoring
system is he responded 'its just like school, A is great, F fails.' What a
system, its so well articulated and unbiased that anyone who reviews one of
the security companies Secreview surfs will come up with the same score.

 

From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Mike Vasquez
Sent: Thursday, December 20, 2007 8:17 PM
To: Sec Review Sucks
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] [Professional IT Security Reviewers -
Exposed] SecReview ( F - )

 

What I really want to know, is if a past customer (err - reader?) of sec
review surfaces with a negative opinion of them, will you adjust your grade
accordingly?  



On Dec 20, 2007 1:20 PM, Sec Review Sucks < secreview.exposed () gmail com>
wrote:

This rating is based entirely off my personal feelings after reading several
of the emails you've sent out to the Full Disclosure list.  I bring up the
following as my reasoning: 

1.) What are your qualifications for reviewing these companies? 
2.) Your criteria for review is clearly flawed.  Reviewing marketing
material, websites, etc. is just ridiculous.  Typically these are not
created by the security team itself, but instead the marketing department
for a company.  You only just mentioned that you started reviewing sample
reports, and that not all companies are willing to provide these.  How could
you possibly review a company WITHOUT a sample report at the minimum? 
3.) What is your scoring system?  Do you even have one?
4.) If company A does not submit themselves for review, and therefore will
not provide you with the information you need to review them, do they get a
lower score? 

In any case, a consulting company provides far more then simply a marketing
site and sample deliverables.  Unless you can survey a companies customers,
I don't see how you could ever make a reasonably accurate assumption.
Therefore, I rate SecReview as an F-. 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
<http://lists.grok.org.uk/full-disclosure-charter.html> 
Hosted and sponsored by Secunia - http://secunia.com/

 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: