Full Disclosure mailing list archives
Re: [Professional IT Security Reviewers - Exposed] SecReview ( F - )
From: "Kurt Dillard" <kurtdillard () msn com>
Date: Thu, 20 Dec 2007 21:08:03 -0300
No, go read Secreview's responses to negative comments on his amusing blog. He won't change a review based on an opposing opinion. The emails, blog, and his small cadre of fans remind me of Steve Gibson lol. He has nothing on the blog to suggest he has any qualifications. When asked what his scoring system is he responded 'it's just like school, A is great, F fails.' What a system, it's so well articulated and unbiased that anyone who reviews one of the security companies Secreview surfs will come up with the same score.

From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Mike Vasquez
Sent: Thursday, December 20, 2007 8:17 PM
To: Sec Review Sucks
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )

What I really want to know is, if a past customer (err - reader?) of sec review surfaces with a negative opinion of them, will you adjust your grade accordingly?

On Dec 20, 2007 1:20 PM, Sec Review Sucks <secreview.exposed () gmail com> wrote:

This rating is based entirely off my personal feelings after reading several of the emails you've sent out to the Full Disclosure list. I bring up the following as my reasoning:

1.) What are your qualifications for reviewing these companies?
2.) Your criteria for review is clearly flawed. Reviewing marketing material, websites, etc. is just ridiculous. Typically these are not created by the security team itself, but instead the marketing department for a company. You only just mentioned that you started reviewing sample reports, and that not all companies are willing to provide these. How could you possibly review a company WITHOUT a sample report at the minimum?
3.) What is your scoring system? Do you even have one?
4.) If company A does not submit themselves for review, and therefore will not provide you with the information you need to review them, do they get a lower score?

In any case, a consulting company provides far more than simply a marketing site and sample deliverables. Unless you can survey a company's customers, I don't see how you could ever make a reasonably accurate assumption. Therefore, I rate SecReview as an F-.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [Professional IT Security Reviewers - Exposed] SecReview ( F - ) Sec Review Sucks (Dec 20)
- Re: [Professional IT Security Reviewers - Exposed] SecReview ( F - ) Mike Vasquez (Dec 20)
- Re: [Professional IT Security Reviewers - Exposed] SecReview ( F - ) Kurt Dillard (Dec 20)
- Re: [Professional IT Security Reviewers - Exposed] SecReview ( F - ) Mike Vasquez (Dec 20)