RE: Pentesting tool - Commercial

["Clint P. Garrison" <garrison.clint () gmail com>]

Thanks for chiming in Pete. Your absolutely right. It's insulting when
people with hidden agendas inject their marketing materials as "feedback" or
"news" in this forum.

Clint P. Garrison, MBA-IA MS-IT CISSP  
http://www.clintgarrison.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Pete Herzog
Sent: Tuesday, March 04, 2008 11:37 AM
To: Ivan Arce
Cc: pen-test
Subject: Re: Pentesting tool - Commercial

Hi,

Ivan Arce wrote:
<snip>
> Going back to the original comments about CORE IMPACT and the 'count of 
> exploits' I'd like point out just that throwing numbers without 
> qualifying the measurement criteria and the relevance of the methodology 
> is not a very serious assessment of a product's capabilities, its 
> suitability for a given use or the value it may provide to a security 
> professional.

I'd like to add as a person not actually selling products or having any 
commercial ties to any software tool maker that Ivan is correct here. 
There are so many important variables to how a tool should work that 
judging on numbers alone of something that has no clear standard for how it 
should be counted is just ignorant.

-pete.
www.isecom.org


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------