Penetration Testing mailing list archives

RE: Qualys

From: "Marc Maiffret" <mmaiffret () eeye com>
Date: Tue, 14 Feb 2006 02:11:51 -0800

-----Original Message-----
From: Byron Sonne [mailto:blsonne () rogers com] 
Sent: Tuesday, February 07, 2006 4:57 PM
To: Mark Teicher
Cc: Michael Gargiullo; pen-test () securityfocus com
Subject: Re: Qualys

<snip>

We're not huge exploit discoverers like eEye and whatnot, so 
without that rock-star factor there isn't as much press.


Your right about not being rock-stars but much more importantly your
right about not being proactive in vulnerability research. And if you
understood the true value that proactive vulnerability research brings
to customers then you would not write it off with an attempt at
belittling it as "they get more press than us", which yes again, your
right.

also tend to deal with larger companies (some have 16 million 
nodes), nor do we offer a bunch of one-off point-and-click 
single-PC or small network scanning tools.


Ahh classy... So now by virtue of dealing with large customers it means
you should not release free scanning tools, because yah that means you
couldn't possibly build enterprise software. I personally like the fact
that small organizations such as the entire United States Department of
Defenese have chosen to standardize on eEye Digital Security for
vulnerability management, all while we've released free scanning tools
for IT administrators. 

But then I am sure I have taken your inert jabs the wrong way and they
don't exist as 80% of the people behind the hotmail/gmail accounts that
respond to these product vendor threads.

Honestly though who throws a shoe,

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities 

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Re: Qualys, (continued)
- - - Re: Qualys Ben Nelson (Feb 09)
    - Re: Qualys Ivan Arce (Feb 13)
- Re: Qualys Mark Teicher (Feb 08)
- RE: Qualys Michael Gargiullo (Feb 08)
  - Re: Qualys Amit (Feb 12)
- RE: Qualys Michael Gargiullo (Feb 08)
- RE: Qualys Evans, Arian (Feb 10)
  - Re: Qualys Byron Sonne (Feb 11)
- Re: Qualys Mark Teicher (Feb 11)
- Re: RE: Qualys pro_logos (Feb 13)
- RE: Qualys Marc Maiffret (Feb 15)