Full Disclosure mailing list archives

RE: Vulnerability/Penetration Testing Tools
From: "Clark Gaylord" <gaylord () dirtcheapemail com>
Date: Wed, 18 Jan 2006 12:54:13 -0500

On Wed, 18 Jan 2006 11:36:04 -0600, "Madison, Marc" <mmadison () fnni com>
BidiBLAH:                       $10,000
Scripting class:                $350

6 man-weeks time:               $6924.00

Like you said, "many people make that comparison, and don't calculate
the *TOTAL* cost".

Cost is not the answer.  For that side of the balance sheet, *risk* is
the answer.  It *might* take six weeks of this poor slob's time, but
then again it might take twelve.  And he might not get it right.  Now,
the vendor might not get it right either, but it isn't going to cost any
more in hard $$$ (though Poor Slob will probably have to spend three
weeks figuring out that the vendor has screwed it up and working with
them to fix it).  And "one throat to joke" is probably the most
over-rated risk-mitigation thought ever thunk.

Anyone who thinks they will buy a product and not have to pay anyone to
integrate into their environment is smoking crack.  But anyone who
thinks they don't ever have to pay any vendor anything because we can
always do a better job cheaper is also smoking crack.  Buy what you need
to make your staff best able to do their job.  The best answer might be
buy the BidiBLAH *and* pay P.S. six weeks to integrate it, improve it,
work on other things that he can now do better, etc.

Clark Gaylord
Blacksburg, VA USA
gaylord () dirtcheapemail com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
