Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Vulnerability/Penetration Testing Tools
From: "Madison, Marc" <mmadison () fnni com>
Date: Wed, 18 Jan 2006 11:36:04 -0600

Valdis Kletnieks wrote:

Something to keep in mind however - many people make that comparison,
and don't calculate the *TOTAL* cost.

If your developer is getting paid $60K/year, the *encumbered* cost
(benefits, office, etc) is close to twice
that.  And if he's writing an in-house BidiBLAh, that's time he's *not*
writing stuff you *can't* buy 
As a result, it breaks out as:

BidiBLAH:         $10,000

scripting clss:             $350
6 man-weeks time: $15,000

OK? Got that?  Suddenly doesn't look like such a good deal, does it?
Maybe you *should* just buy 
BidiBLAH, and have that guy coding that custom interface between two
in-house systems instead....

(And don't say "I only pay my developer $30K, so he can take 2
man-months to do it" - the kind of 
developer you can >keep for $30K is probably going to take a lot more
than twice as long as the $60K

I understand your point about TCO, even though you don't make a very
good case for it.  As for BidiBLAH, maybe you should look at the product
before speaking about it!  If you have used this product then please
give me your insight as to what you think and why.  Really if your
currently using this product I want to know what you think!

Now for the Math, and why your TCO argument wasn't so good,

Developer $60K/year divided by the adopted 2080 man hours year (this is
the average hours work, 40 hour week, 5 days, etc...) = $28.85/hourly,

BidiBLAH:                       $10,000
Scripting class:                $350

6 man-weeks time:               $6924.00

Like you said, "many people make that comparison, and don't calculate
the *TOTAL* cost".

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]