Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Vulnerability assessments and their cost
From: mvharley2 at gmail.com (MV)
Date: Wed, 6 May 2009 12:08:03 -0700

*Bidder Comparison Worksheet*
 *#* *Primary Bid Criterion* *Prospect Bid  Weighting* *Ratings from Company
Perspective * *Average Competitor Score* *Key Differentiator* *Goal score *
*Vendor 1* *Vendor 2* *Vendor 3* *Vendor 4* 1 Price 10 H H M H H 28 Reasonable
price & identified costs 2 Experience 8 H H H M L 18 Client references 3
Technical 7 H H H M M 18 Technical Competency 4 Staffing 7 H H H L M
16 Adequacy
of staff, skills, & certifications  5 Reputation 4 H H H L L 8 Industry
perception of company & mgmt 6 Financial  4 H M H M L 8 Financial strength &
payroll assurance
Dun & Bradstreet check? 7 Rules of Engagement 9 H H M H H 25 Complies within
the Rules of Engagement 8 Methodology Match 6 M H M M M 14 Will work within
a clearly defined Methodology 9 History with buyer 5 H H L L L 8 Length and
quality of vendor relationship 10                   11                   12
                  13                   14                   15
    *  Total Average Weighted Score* *19* *20* *16* *14* *13* *16* ** Dark
gray cells are calculated automatically.                         *Bidder
Comparison Worksheet*                * * *Primary Bid Criterion* *Costs * **
** *Budget* *Vendor 1* *Vendor 2* *Vendor 3* *Vendor 4* ** **   Quoted costs
?? *$26,000* *$45,500* *$50,140* *$64,800* ** **   vs Low ?? $0 $19,500
$24,140 $38,800    includes expenses? ?? No No Yes Yes    Expense amount
included in the the quote ?? No No $5,000 $4,800
  Here is a vendor comparision sheet from a MS template.

The vendors are top tier.

MV


On Tue, May 5, 2009 at 2:10 PM, Jason Wood <tadaka at gmail.com> wrote:

I recently received some pricing on a web application vulnerability
assessment from a large security service provider who shall remain
nameless.  This assessment basically consisted of using web application
scanner, turning it loose, then performing some verification on the issues
reported.  No actual exploitation of the application would be done.  The
price was was fairly expensive.  So I have some questions for the everyone.

What seems to be the going rate for a:

- Web application vulnerability assessment?
- Network vulnerability assessment?
- Wireless vulnerability assessment?

I assume there is some disparity between the prices of a brand name
security service provider and a smaller security company.  Does anyone know
what those differences in price would be?

I'm trying to get some idea of what to expect as I contact different
companies.  I wouldn't mind knowing for any future private endeavors as
well.  :)

Thanks for the help all.

Jason

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090506/6e59074c/attachment.htm 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault