| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Jan 18 18:45:56 2006 From: gaylord at dirtcheapemail.com (Clark Gaylord) Subject: Vulnerability/Penetration Testing Tools On Wed, 18 Jan 2006 11:36:04 -0600, "Madison, Marc" <mmadison@...i.com> said: > BidiBLAH: $10,000 > Scripting class: $350 > > 6 man-weeks time: $6924.00 > > > Like you said, "many people make that comparison, and don't calculate > the *TOTAL* cost". Cost is not the answer. For that side of the balance sheet, *risk* is the answer. It *might* take six weeks of this poor slob's time, but then again it might take twelve. And he might not get it right. Now, the vendor might not get it right either, but it isn't going to cost any more in hard $$$ (though Poor Slob will probably have to spend three weeks figuring out that the vendor has screwed it up and working with them to fix it). And "one throat to joke" is probably the most over-rated risk-mitigation thought ever thunk. Any one who thinks they will buy a product and not have to pay anyone to integrate into their environment is smoking crack. But anyone who thinks they don't ever have to pay any vendor anything because we can always do a better job cheaper is also smoking crack. Buy what you need to make your staff best able to do their job. The best answer might be buy the BidiBLAH *and* pay P.S. six weeks to integrate it, improve it, work on other things that he can now do better, etc. --ckg -- Clark Gaylord Blacksburg, VA USA gaylord@...tcheapemail.com
Powered by blists - more mailing lists