lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 3 Jan 2008 06:59:36 +1000
From: "Lyal Collins" <>
Cc: <>
Subject: Re: Secreview re-review of quietmove ( F ---)

I'd add to this that anyone who buys security consulting/pen test services
et al solely on the basis of web site content is unlikely to get any
worthwhile outcomes for their specific needs. 

No effective manager in any company/government I've seen is going to refer
to a web site alone, or to bother finding obscure posts on a specialist
mailing list that may or may not be relevant to their needs - they merely
use web sites as a source of potential suppliers before interviewing them,
and getting references.

Let kill this pointless waste on inbox space, please.

-----Original Message-----
[] On Behalf Of Tremaine Lea
Sent: Thursday, 3 January 2008 6:05 AM
To: SecReview
Subject: Re: [Full-disclosure] Secreview re-review of quietmove ( F ---)

Regardless of whether your intentions are good or not in performing these
reviews, one thing is crystal clear.  In order to perform these reviews and
have them accepted by those who would actually read and depend on them to a
degree, you need to have established yourself as a credible source and have
a good reputation.

With that in mind, I think the vast majority will continue to rely on word
of mouth from peers, or well respected and long standing companies such as
Gartner or even Dark Reading.  In my not so humble opinion, you will not
establish yourself as a credible resource by engaging in petty disputes and
mud slinging on FD.

Worse, it becomes more and more apparent that this is essentially an attempt
to drive interest to your blog.  I don't believe any serious company would
engage in the behaviour you have to date, so both your motives and your
method are in question.  If you genuinely wish to be taken seriously and
treated as a credible source of information about other security vendors,
I'd consider starting again from scratch and develop a better method of
attracting professional interest.  The key is to attract the attention, not
try and push your product down throats.

Another quick lesson : if a vendor doesn't provide you with information, the
correct thing to do is simply note that you were unable to review their
product or services, and why.  To still attempt a review with seriously
incomplete information and then give a low score is irresponsible at best.

Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"

On Jan 2, 2008 11:08 AM, SecReview <> wrote:
> Hi Adam,
> We've said this before and will say this again, this time to everyone.
> We would be more than happy to give your company (QuietMove) a 
> "better" review if you'd enable us to do that. So far you haven't 
> helped us to effectively review you at all. We tried to call you 
> before our initial review, but never got hold of anyone. We also sent 
> you an email before writing our second review, and you never responded 
> to any of the questions in that email. If you'd like us to do a better 
> review then provide us with the information that you think we will 
> need to get the job done.
> Our current review is the product of your website, emails that you've 
> posted to this and other forums, and your reaction to our first 
> review. We haven't been able to find anything related to major 
> accomplishments by you or by QuietMove, we haven't seen any sample 
> reports, and we haven't received any answers to any questions about 
> your methodologies for service execution and delivery. We even think 
> that our current review might be too harsh, but can't change anything 
> without more information.
> If you want us to change our review, we can do that again and we can 
> do it in a non-biased way (regardless of all the rants and noise). We 
> need you to tell us about your service delivery methodologies, your 
> reporting methodologies, how you define specific service offerings, 
> what markets you play in, and if possible sanitized sample reports. We 
> won't publish any of that information directly, but we would use that 
> to produce your next review.
> We want our reviews to accurately and truthfully reflect the quality 
> and professionalism of the providers that we study. (In fact, if 
> anyone has any suggestions as to how we could better "rank" security 
> companies we'd be more than happy to listen and consider those 
> suggestions.)
> Hope this helps. This will be our last email about QuietMove unless 
> you request a redo of the current review. We will only redo the review 
> if you are able to provide us with accurate information to help us get 
> it done. We think that you should do it, because we think that you can 
> score much better than an F+. (You're clearly not an idiot and you do 
> have at least some experience.)
> -the end.
> Regards,
>       The Secreview Team

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists