What I really want to know, is if a past customer (err - reader?) of sec review surfaces with a negative opinion of them, will you adjust your grade accordingly? <br><br><br><br><div class="gmail_quote">On Dec 20, 2007 1:20 PM, Sec Review Sucks <
<a href="mailto:secreview.exposed@gmail.com">secreview.exposed@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">This rating is based entirely off my personal feelings after reading several of the emails you've sent out to the Full Disclosure list. I bring up the following as my reasoning:
<br><br>1.) What are your qualifications for reviewing these companies?
<br>2.) Your criteria for review is clearly flawed. Reviewing marketing material, websites, etc. is just ridiculous. Typically these are not created by the security team itself, but instead the marketing department for a company. You only just mentioned that you started reviewing sample reports, and that not all companies are willing to provide these. How could you possibly review a company WITHOUT a sample report at the minimum?
<br>3.) What is your scoring system? Do you even have one?<br>4.) If company A does not submit themselves for review, and therefore will not provide you with the information you need to review them, do they get a lower score?
<br><br>In any case, a consulting company provides far more then simply a marketing site and sample deliverables. Unless you can survey a companies customers, I don't see how you could ever make a reasonably accurate assumption. Therefore, I rate SecReview as an F-.
<br><br>
<br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br></blockquote></div><br>