lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <71c9b74c0712201220n558cb34ak74e082e86acd0355@mail.gmail.com>
Date: Thu, 20 Dec 2007 14:20:36 -0600
From: "Sec Review Sucks" <secreview.exposed@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [Professional IT Security Reviewers - Exposed]
	SecReview ( F - )

This rating is based entirely off my personal feelings after reading several
of the emails you've sent out to the Full Disclosure list.  I bring up the
following as my reasoning:

1.) What are your qualifications for reviewing these companies?
2.) Your criteria for review is clearly flawed.  Reviewing marketing
material, websites, etc. is just ridiculous.  Typically these are not
created by the security team itself, but instead the marketing department
for a company.  You only just mentioned that you started reviewing sample
reports, and that not all companies are willing to provide these.  How could
you possibly review a company WITHOUT a sample report at the minimum?
3.) What is your scoring system?  Do you even have one?
4.) If company A does not submit themselves for review, and therefore will
not provide you with the information you need to review them, do they get a
lower score?

In any case, a consulting company provides far more then simply a marketing
site and sample deliverables.  Unless you can survey a companies customers,
I don't see how you could ever make a reasonably accurate assumption.
Therefore, I rate SecReview as an F-.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ