Date: Thu, 20 Dec 2007 16:16:46 -0700
From: "Mike Vasquez" <mike.vasquez@...il.com>
To: "Sec Review Sucks" <secreview.exposed@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Professional IT Security Reviewers - Exposed] SecReview ( F - )

What I really want to know is if a past customer (err - reader?) of sec
review surfaces with a negative opinion of them, will you adjust your grade
accordingly?



On Dec 20, 2007 1:20 PM, Sec Review Sucks <secreview.exposed@...il.com>
wrote:

> This rating is based entirely off my personal feelings after reading
> several of the emails you've sent out to the Full Disclosure list.  I bring
> up the following as my reasoning:
>
> 1.) What are your qualifications for reviewing these companies?
> 2.) Your criteria for review is clearly flawed.  Reviewing marketing
> material, websites, etc. is just ridiculous.  Typically these are not
> created by the security team itself, but instead the marketing department
> for a company.  You only just mentioned that you started reviewing sample
> reports, and that not all companies are willing to provide these.  How could
> you possibly review a company WITHOUT a sample report at the minimum?
> 3.) What is your scoring system?  Do you even have one?
> 4.) If company A does not submit themselves for review, and therefore will
> not provide you with the information you need to review them, do they get a
> lower score?
>
> In any case, a consulting company provides far more than simply a
> marketing site and sample deliverables.  Unless you can survey a company's
> customers, I don't see how you could ever make a reasonably accurate
> assumption.  Therefore, I rate SecReview as an F-.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
