| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Jan 2008 06:59:36 +1000 From: "Lyal Collins" <lyalc@...ftdsl.com.au> Cc: <full-disclosure@...ts.grok.org.uk> Subject: Re: Secreview re-review of quietmove ( F ---) I'd add to this that anyone who buys security consulting/pen test services et al solely on the basis of web site content is unlikely to get any worthwhile outcomes for their specific needs. No effective manager in any company/government I've seen is going to refer to a web site alone, or to bother finding obscure posts on a specialist mailing list that may or may not be relevant to their needs - they merely use web sites as a source of potential suppliers before interviewing them, and getting references. Let kill this pointless waste on inbox space, please. lyalc -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Tremaine Lea Sent: Thursday, 3 January 2008 6:05 AM To: SecReview Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Secreview re-review of quietmove ( F ---) Regardless of whether your intentions are good or not in performing these reviews, one thing is crystal clear. In order to perform these reviews and have them accepted by those who would actually read and depend on them to a degree, you need to have established yourself as a credible source and have a good reputation. With that in mind, I think the vast majority will continue to rely on word of mouth from peers, or well respected and long standing companies such as Gartner or even Dark Reading. In my not so humble opinion, you will not establish yourself as a credible resource by engaging in petty disputes and mud slinging on FD. Worse, it becomes more and more apparent that this is essentially an attempt to drive interest to your blog. I don't believe any serious company would engage in the behaviour you have to date, so both your motives and your method are in question. If you genuinely wish to be taken seriously and treated as a credible source of information about other security vendors, I'd consider starting again from scratch and develop a better method of attracting professional interest. The key is to attract the attention, not try and push your product down throats. Another quick lesson : if a vendor doesn't provide you with information, the correct thing to do is simply note that you were unable to review their product or services, and why. To still attempt a review with seriously incomplete information and then give a low score is irresponsible at best. -- Tremaine Lea Network Security Consultant Intrepid ACL "Paranoia for hire" On Jan 2, 2008 11:08 AM, SecReview <secreview@...hmail.com> wrote: > Hi Adam, > > We've said this before and will say this again, this time to everyone. > > We would be more than happy to give your company (QuietMove) a > "better" review if you'd enable us to do that. So far you haven't > helped us to effectively review you at all. We tried to call you > before our initial review, but never got hold of anyone. We also sent > you an email before writing our second review, and you never responded > to any of the questions in that email. If you'd like us to do a better > review then provide us with the information that you think we will > need to get the job done. > > Our current review is the product of your website, emails that you've > posted to this and other forums, and your reaction to our first > review. We haven't been able to find anything related to major > accomplishments by you or by QuietMove, we haven't seen any sample > reports, and we haven't received any answers to any questions about > your methodologies for service execution and delivery. We even think > that our current review might be too harsh, but can't change anything > without more information. > > If you want us to change our review, we can do that again and we can > do it in a non-biased way (regardless of all the rants and noise). We > need you to tell us about your service delivery methodologies, your > reporting methodologies, how you define specific service offerings, > what markets you play in, and if possible sanitized sample reports. We > won't publish any of that information directly, but we would use that > to produce your next review. > > We want our reviews to accurately and truthfully reflect the quality > and professionalism of the providers that we study. (In fact, if > anyone has any suggestions as to how we could better "rank" security > companies we'd be more than happy to listen and consider those > suggestions.) > > Hope this helps. This will be our last email about QuietMove unless > you request a redo of the current review. We will only redo the review > if you are able to provide us with accurate information to help us get > it done. We think that you should do it, because we think that you can > score much better than an F+. (You're clearly not an idiot and you do > have at least some experience.) > > -the end. > > > > > Regards, > The Secreview Team > http://secreview.blogspot.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists