lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 2 Jan 2008 13:05:19 -0700
From: "Tremaine Lea" <tremaine@...il.com>
To: SecReview <secreview@...hmail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Secreview re-review of quietmove ( F ---)

Regardless of whether your intentions are good or not in performing
these reviews, one thing is crystal clear.  In order to perform these
reviews and have them accepted by those who would actually read and
depend on them to a degree, you need to have established yourself as a
credible source and have a good reputation.

With that in mind, I think the vast majority will continue to rely on
word of mouth from peers, or well respected and long standing
companies such as Gartner or even Dark Reading.  In my not so humble
opinion, you will not establish yourself as a credible resource by
engaging in petty disputes and mud slinging on FD.

Worse, it becomes more and more apparent that this is essentially an
attempt to drive interest to your blog.  I don't believe any serious
company would engage in the behaviour you have to date, so both your
motives and your method are in question.  If you genuinely wish to be
taken seriously and treated as a credible source of information about
other security vendors, I'd consider starting again from scratch and
develop a better method of attracting professional interest.  The key
is to attract the attention, not try and push your product down
throats.

Another quick lesson : if a vendor doesn't provide you with
information, the correct thing to do is simply note that you were
unable to review their product or services, and why.  To still attempt
a review with seriously incomplete information and then give a low
score is irresponsible at best.

-- 
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"

On Jan 2, 2008 11:08 AM, SecReview <secreview@...hmail.com> wrote:
> Hi Adam,
>
> We've said this before and will say this again, this time to
> everyone.
>
> We would be more than happy to give your company (QuietMove) a
> "better" review if you'd enable us to do that. So far you haven't
> helped us to effectively review you at all. We tried to call you
> before our initial review, but never got hold of anyone. We also
> sent you an email before writing our second review, and you never
> responded to any of the questions in that email. If you'd like us
> to do a better review then provide us with the information that you
> think we will need to get the job done.
>
> Our current review is the product of your website, emails that
> you've posted to this and other forums, and your reaction to our
> first review. We haven't been able to find anything related to
> major accomplishments by you or by QuietMove, we haven't seen any
> sample reports, and we haven't received any answers to any
> questions about your methodologies for service execution and
> delivery. We even think that our current review might be too harsh,
> but can't change anything without more information.
>
> If you want us to change our review, we can do that again and we
> can do it in a non-biased way (regardless of all the rants and
> noise). We need you to tell us about your service delivery
> methodologies, your reporting methodologies, how you define
> specific service offerings, what markets you play in, and if
> possible sanitized sample reports. We won't publish any of that
> information directly, but we would use that to produce your next
> review.
>
> We want our reviews to accurately and truthfully reflect the
> quality and professionalism of the providers that we study. (In
> fact, if anyone has any suggestions as to how we could better
> "rank" security companies we'd be more than happy to listen and
> consider those suggestions.)
>
> Hope this helps. This will be our last email about QuietMove unless
> you request a redo of the current review. We will only redo the
> review if you are able to provide us with accurate information to
> help us get it done. We think that you should do it, because we
> think that you can score much better than an F+. (You're clearly
> not an idiot and you do have at least some experience.)
>
> -the end.
>
>
>
>
> Regards,
>       The Secreview Team
>       http://secreview.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ