Penetration Testing mailing list archives

Re: The business/marketing of pen-testing.


From: <kingpang () gmail com>
Date: 28 Oct 2004 21:09:19 -0000

In-Reply-To: <EA182BB3B632994AA3617BA6449634B69DAE0E () vetweb vermeertexas com>

Hi Aaron, Jeff and Randy,

I have a similar initiative to Aaron, but the difficulty I am facing (and probably Aaron too) is how to generate sales. 
Security is different from other software solutions in a way that there is no easy-to-measure ROI.  The ROSI (Return on 
Security Investment) is a rather abstract approximation (see 
http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx for more information).

If we talk about target market, for small companies, they probably don't care about security.  For mid-size companies, 
they usually prefer training their developers to implement (easy) security features.  For large companies, why would they 
trust our new and small company?

In my opinion, security is more about education.  Maybe it is worth starting up a computer security school instead.


