[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <33517.1235269801@turing-police.cc.vt.edu>
Date: Sat, 21 Feb 2009 21:30:01 -0500
From: Valdis.Kletnieks@...edu
To: Smoking Gun <pentesterkunt@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, scadasec@...s.infracritical.com
Subject: Re: [SCADASEC] 11. Re: SCADA Security - Software
fee's
On Fri, 20 Feb 2009 09:24:29 EST, Smoking Gun said:
> Ironically, your own quote"company"quote offered penetration testing
> services at the insane pricing scheme of "we'll pentest0r joo for free
> and if we find something you can pay us to find other holes!".
And how, exactly, is that an "insane" pricing scheme? If you think about
it for a bit, it actually makes quite a bit of sense - Snosoft needs to prove
they're in fact good enough to be able to find the holes you're paying them
to find, or it doesn't cost anything.
That *sure* as hell beats paying $100K for a pen test, and then finding out
that you hired a bunch of asswipes who can't find holes.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists