mailing list archives
Re: [SCADASEC] 11. Re: SCADA Security - Software fee's
From: Valdis.Kletnieks () vt edu
Date: Sat, 21 Feb 2009 21:30:01 -0500
On Fri, 20 Feb 2009 09:24:29 EST, Smoking Gun said:
Ironically, your own quote"company"quote offered penetration testing
services at the insane pricing scheme of "we'll pentest0r joo for free
and if we find something you can pay us to find other holes!".
And how, exactly, is that an "insane" pricing scheme? If you think about
it for a bit, it actually makes quite a bit of sense - Snosoft needs to prove
they're in fact good enough to be able to find the holes you're paying them
to find, or it doesn't cost anything.
That *sure* as hell beats paying $100K for a pen test, and then finding out
that you hired a bunch of asswipes who can't find holes.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/