Home page logo

pauldotcom logo PaulDotCom mailing list archives

Vulnerability assessments and their cost
From: jim.halfpenny at gmail.com (Jim Halfpenny)
Date: Wed, 6 May 2009 08:22:14 +0100

2009/5/6 Jason Wood <tadaka at gmail.com>

Well, to narrow this down a bit more, lets focus on a network vulnerability
assessment only.  What would be a reasonable price for a network
vulnerability scan of a single Class C network?  No penetration testing,
just scan through and see what vulnerabilities are exposed on the 254 IP
addresses available.

Personally, a vulnerability scan is pretty simple to run, but I've seen at
least one quote that seemed excessive, to put it mildly.  Around $10,000 in
this case.  Again, this is a larger vendor and it is a bit easier for a
customer to believe the results presented by a familiar name rather than XYZ
Security Company.  It just have a hard time believing it provides **that**
much value.


Don't feel afraid of haggling about the price. There's a strong sales
element behind any IT service and prices vary between customers even if the
variables are the same. Negotiate one the price and then make a final offer
and with luck they will come down to a better figure. If you shave 20% off
the price maybe you can send yourself to DefCon on the savings :-)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090506/6f3a38f2/attachment.htm 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]