[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1137606853.15550.252161609@webmail.messagingengine.com>
Date: Wed Jan 18 18:45:56 2006
From: gaylord at dirtcheapemail.com (Clark Gaylord)
Subject: Vulnerability/Penetration Testing Tools
On Wed, 18 Jan 2006 11:36:04 -0600, "Madison, Marc" <mmadison@...i.com>
said:
> BidiBLAH: $10,000
> Scripting class: $350
>
> 6 man-weeks time: $6924.00
>
>
> Like you said, "many people make that comparison, and don't calculate
> the *TOTAL* cost".
Cost is not the answer. For that side of the balance sheet, *risk* is
the answer. It *might* take six weeks of this poor slob's time, but
then again it might take twelve. And he might not get it right. Now,
the vendor might not get it right either, but it isn't going to cost any
more in hard $$$ (though Poor Slob will probably have to spend three
weeks figuring out that the vendor has screwed it up and working with
them to fix it). And "one throat to joke" is probably the most
over-rated risk-mitigation thought ever thunk.
Any one who thinks they will buy a product and not have to pay anyone to
integrate into their environment is smoking crack. But anyone who
thinks they don't ever have to pay any vendor anything because we can
always do a better job cheaper is also smoking crack. Buy what you need
to make your staff best able to do their job. The best answer might be
buy the BidiBLAH *and* pay P.S. six weeks to integrate it, improve it,
work on other things that he can now do better, etc.
--ckg
--
Clark Gaylord
Blacksburg, VA USA
gaylord@...tcheapemail.com
Powered by blists - more mailing lists