lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 Jan 2008 14:41:36 -0600
From: "Nate McFeters" <nate.mcfeters@...il.com>
To: "Tremaine Lea" <tremaine@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Secreview re-review of quietmove ( F ---)

Is anyone out there using these reviews?  It's just amazing that we are
still going through this.  SecReview is busting Adam for not credentializing
himself, but I see nothing of how they have credentialized what they are
doing.  It's absurd.

On 1/2/08, Tremaine Lea <tremaine@...il.com> wrote:
>
> Regardless of whether your intentions are good or not in performing
> these reviews, one thing is crystal clear.  In order to perform these
> reviews and have them accepted by those who would actually read and
> depend on them to a degree, you need to have established yourself as a
> credible source and have a good reputation.
>
> With that in mind, I think the vast majority will continue to rely on
> word of mouth from peers, or well respected and long standing
> companies such as Gartner or even Dark Reading.  In my not so humble
> opinion, you will not establish yourself as a credible resource by
> engaging in petty disputes and mud slinging on FD.
>
> Worse, it becomes more and more apparent that this is essentially an
> attempt to drive interest to your blog.  I don't believe any serious
> company would engage in the behaviour you have to date, so both your
> motives and your method are in question.  If you genuinely wish to be
> taken seriously and treated as a credible source of information about
> other security vendors, I'd consider starting again from scratch and
> develop a better method of attracting professional interest.  The key
> is to attract the attention, not try and push your product down
> throats.
>
> Another quick lesson : if a vendor doesn't provide you with
> information, the correct thing to do is simply note that you were
> unable to review their product or services, and why.  To still attempt
> a review with seriously incomplete information and then give a low
> score is irresponsible at best.
>
> --
> Tremaine Lea
> Network Security Consultant
> Intrepid ACL
> "Paranoia for hire"
>
> On Jan 2, 2008 11:08 AM, SecReview <secreview@...hmail.com> wrote:
> > Hi Adam,
> >
> > We've said this before and will say this again, this time to
> > everyone.
> >
> > We would be more than happy to give your company (QuietMove) a
> > "better" review if you'd enable us to do that. So far you haven't
> > helped us to effectively review you at all. We tried to call you
> > before our initial review, but never got hold of anyone. We also
> > sent you an email before writing our second review, and you never
> > responded to any of the questions in that email. If you'd like us
> > to do a better review then provide us with the information that you
> > think we will need to get the job done.
> >
> > Our current review is the product of your website, emails that
> > you've posted to this and other forums, and your reaction to our
> > first review. We haven't been able to find anything related to
> > major accomplishments by you or by QuietMove, we haven't seen any
> > sample reports, and we haven't received any answers to any
> > questions about your methodologies for service execution and
> > delivery. We even think that our current review might be too harsh,
> > but can't change anything without more information.
> >
> > If you want us to change our review, we can do that again and we
> > can do it in a non-biased way (regardless of all the rants and
> > noise). We need you to tell us about your service delivery
> > methodologies, your reporting methodologies, how you define
> > specific service offerings, what markets you play in, and if
> > possible sanitized sample reports. We won't publish any of that
> > information directly, but we would use that to produce your next
> > review.
> >
> > We want our reviews to accurately and truthfully reflect the
> > quality and professionalism of the providers that we study. (In
> > fact, if anyone has any suggestions as to how we could better
> > "rank" security companies we'd be more than happy to listen and
> > consider those suggestions.)
> >
> > Hope this helps. This will be our last email about QuietMove unless
> > you request a redo of the current review. We will only redo the
> > review if you are able to provide us with accurate information to
> > help us get it done. We think that you should do it, because we
> > think that you can score much better than an F+. (You're clearly
> > not an idiot and you do have at least some experience.)
> >
> > -the end.
> >
> >
> >
> >
> > Regards,
> >       The Secreview Team
> >       http://secreview.blogspot.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists