Vulnerability assessments and their cost

[jim.halfpenny at gmail.com (Jim Halfpenny)]

2009/5/6 Jason Wood <tadaka at gmail.com>

> Well, to narrow this down a bit more, lets focus on a network vulnerability
> assessment only.  What would be a reasonable price for a network
> vulnerability scan of a single Class C network?  No penetration testing,
> just scan through and see what vulnerabilities are exposed on the 254 IP
> addresses available.
>
> Personally, a vulnerability scan is pretty simple to run, but I've seen at
> least one quote that seemed excessive, to put it mildly.  Around $10,000 in
> this case.  Again, this is a larger vendor and it is a bit easier for a
> customer to believe the results presented by a familiar name rather than XYZ
> Security Company.  It just have a hard time believing it provides **that**
> much value.
>
> Thanks,
> Jason

Don't feel afraid of haggling about the price. There's a strong sales
element behind any IT service and prices vary between customers even if the
variables are the same. Negotiate one the price and then make a final offer
and with luck they will come down to a better figure. If you shave 20% off
the price maybe you can send yourself to DefCon on the savings :-)

Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090506/6f3a38f2/attachment.htm