What I really want to know, is if a past customer (err - reader?) of sec review surfaces with a negative opinion of them, will you adjust your grade accordingly?
On Dec 20, 2007 1:20 PM, Sec Review Sucks <[EMAIL PROTECTED]> wrote: > This rating is based entirely off my personal feelings after reading > several of the emails you've sent out to the Full Disclosure list. I bring > up the following as my reasoning: > > 1.) What are your qualifications for reviewing these companies? > 2.) Your criteria for review is clearly flawed. Reviewing marketing > material, websites, etc. is just ridiculous. Typically these are not > created by the security team itself, but instead the marketing department > for a company. You only just mentioned that you started reviewing sample > reports, and that not all companies are willing to provide these. How could > you possibly review a company WITHOUT a sample report at the minimum? > 3.) What is your scoring system? Do you even have one? > 4.) If company A does not submit themselves for review, and therefore will > not provide you with the information you need to review them, do they get a > lower score? > > In any case, a consulting company provides far more then simply a > marketing site and sample deliverables. Unless you can survey a companies > customers, I don't see how you could ever make a reasonably accurate > assumption. Therefore, I rate SecReview as an F-. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
