Re: Realsecure

From: Stover, S.f. (sstover@enterasys.com)
Date: 10/15/01 

From: "Stover, S.f." <sstover@enterasys.com>
To: "malj31" <malj31@dial.pipex.com>, <focus-ids@securityfocus.com>
Subject: Re: Realsecure
Date: Mon, 15 Oct 2001 09:03:49 -0500
Message-Id: <01101509034900.00361@maul.ctron.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 13 October 2001 05:19, malj31 wrote:
> Is it true that in order for an IDS system to be included in your testing
> that you charge the company? If so does this not affect your opinion if
> the company declines to pay?

        I know Bob already replied to this post and explained his viewpoint, but I
wanted to throw in some vendor perspective. I must admit that when you first
examine the 3rd party testing model, it's easy to point fingers and say "You
take money for testing, therefore your results are biased." Sometimes (I'm
certain!) this is the case, but imagine how much testing would get
accomplished if vendors weren't paying. Who would? The prospective
customers? Doubt it. I just can't see every company that's evaluating IDS
paying Neohapsis to do a 8 month test like they did for NWC. OK, old news -
this has all been said before.
        On to the vendor opinion. There are several key points that make 3rd party
testing attractive to me:

I want other people to see how good Dragon is.
I want to hear what isn't so good about Dragon.
I want to learn better ways to test Dragon.

I don't mind paying for those three things. What I DO mind is when I pay and
don't get those three things. Nuff' said.

- --

Samuel f. Stover
Director of IDS QA
Enterasys Networks/NSW
sstover@enterasys.com
GPG Key Fingerprint: 768E C80E 4AAD 63A3 DA0D B2F2 8529 52E3 3F91 2AA5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7yuzMhSlS4z+RKqURAn+DAJ4wnQ/rL01cD12mAVOR5ypxVkReyQCaAqDL
Ao/GLsiauuTIdg/J6wvUtOA=
=Iswd
-----END PGP SIGNATURE-----