mailing list archives
Vulnerability assessments and their cost
From: mvharley2 at gmail.com (MV)
Date: Wed, 6 May 2009 12:08:03 -0700
*Bidder Comparison Worksheet*
*#* *Primary Bid Criterion* *Prospect Bid Weighting* *Ratings from Company
Perspective * *Average Competitor Score* *Key Differentiator* *Goal score *
*Vendor 1* *Vendor 2* *Vendor 3* *Vendor 4* 1 Price 10 H H M H H 28 Reasonable
price & identified costs 2 Experience 8 H H H M L 18 Client references 3
Technical 7 H H H M M 18 Technical Competency 4 Staffing 7 H H H L M
of staff, skills, & certifications 5 Reputation 4 H H H L L 8 Industry
perception of company & mgmt 6 Financial 4 H M H M L 8 Financial strength &
Dun & Bradstreet check? 7 Rules of Engagement 9 H H M H H 25 Complies within
the Rules of Engagement 8 Methodology Match 6 M H M M M 14 Will work within
a clearly defined Methodology 9 History with buyer 5 H H L L L 8 Length and
quality of vendor relationship 10 11 12
13 14 15
* Total Average Weighted Score* *19* *20* *16* *14* *13* *16* ** Dark
gray cells are calculated automatically. *Bidder
Comparison Worksheet* * * *Primary Bid Criterion* *Costs * **
** *Budget* *Vendor 1* *Vendor 2* *Vendor 3* *Vendor 4* ** ** Quoted costs
?? *$26,000* *$45,500* *$50,140* *$64,800* ** ** vs Low ?? $0 $19,500
$24,140 $38,800 includes expenses? ?? No No Yes Yes Expense amount
included in the the quote ?? No No $5,000 $4,800
Here is a vendor comparision sheet from a MS template.
The vendors are top tier.
On Tue, May 5, 2009 at 2:10 PM, Jason Wood <tadaka at gmail.com> wrote:
I recently received some pricing on a web application vulnerability
assessment from a large security service provider who shall remain
nameless. This assessment basically consisted of using web application
scanner, turning it loose, then performing some verification on the issues
reported. No actual exploitation of the application would be done. The
price was was fairly expensive. So I have some questions for the everyone.
What seems to be the going rate for a:
- Web application vulnerability assessment?
- Network vulnerability assessment?
- Wireless vulnerability assessment?
I assume there is some disparity between the prices of a brand name
security service provider and a smaller security company. Does anyone know
what those differences in price would be?
I'm trying to get some idea of what to expect as I contact different
companies. I wouldn't mind knowing for any future private endeavors as
Thanks for the help all.
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
Vulnerability assessments and their cost MV (May 06)