Message-ID: <1137606853.15550.252161609@webmail.messagingengine.com>
Date: Wed Jan 18 18:45:56 2006
From: gaylord at dirtcheapemail.com (Clark Gaylord)
Subject: Vulnerability/Penetration Testing Tools

On Wed, 18 Jan 2006 11:36:04 -0600, "Madison, Marc" <mmadison@...i.com>
said:
> BidiBLAH:                       $10,000
> Scripting class:                $350
> 
> 6 man-weeks time:               $6924.00
> 
> 
> Like you said, "many people make that comparison, and don't calculate
> the *TOTAL* cost".

Cost is not the answer.  For that side of the balance sheet, *risk* is
the answer.  It *might* take six weeks of this poor slob's time, but
then again it might take twelve.  And he might not get it right.  Now,
the vendor might not get it right either, but it isn't going to cost any
more in hard $$$ (though Poor Slob will probably have to spend three
weeks figuring out that the vendor has screwed it up and working with
them to fix it).  And "one throat to joke" is probably the most
over-rated risk-mitigation thought ever thunk.

Anyone who thinks they will buy a product and not have to pay anyone to
integrate into their environment is smoking crack.  But anyone who
thinks they don't ever have to pay any vendor anything because we can
always do a better job cheaper is also smoking crack.  Buy what you need
to make your staff best able to do their job.  The best answer might be
to buy the BidiBLAH *and* pay P.S. six weeks to integrate it, improve it,
work on other things that he can now do better, etc.

--ckg
--
Clark Gaylord
Blacksburg, VA USA
gaylord@...tcheapemail.com
