Penetration Testing: Re: Pentesting tool - Commercial

[Pete Herzog <lists () isecom org>]

Hi,

Ivan Arce wrote:
<snip>
> Going back to the original comments about CORE IMPACT and the 'count of 
> exploits' I'd like point out just that throwing numbers without 
> qualifying the measurement criteria and the relevance of the methodology 
> is not a very serious assessment of a product's capabilities, its 
> suitability for a given use or the value it may provide to a security 
> professional.
I'd like to add as a person not actually selling products or having any 
commercial ties to any software tool maker that Ivan is correct here. 
There are so many important variables to how a tool should work that 
judging on numbers alone of something that has no clear standard for how it 
should be counted is just ignorant.
-pete.
www.isecom.org


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------