Re: The business/marketing of pen-testing.

kingpang_at_gmail.com
Date: 10/28/04

  • Next message: sk3tch_at_sk3tch.net: "RE: TS/3389 risk on Internet" 
    Date: 28 Oct 2004 21:09:19 -0000
To: pen-test@securityfocus.com
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <EA182BB3B632994AA3617BA6449634B69DAE0E@vetweb.vermeertexas.com>

    Hi Aaron, Jeff and Randy,

    I have a similar initiative to Aaron, but the difficulty I am facing (and probably Aaron too) is how to generate Sales. Security is different from other software solutions in a way that there is no easy-to-measure ROI. The ROSI (Return on Security Investment) is an rather abstract approximation. (see http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx for more information)

    If we talk about target market, for small companies, they probably don't care about security. For mid-size companies, they usually prefer training their developers to implement (easy) security features. For large company, why would they trust our new and small company?

    In my opinion, security is more about education. Maybe it is worth starting up a computer security school instead.

  • Next message: sk3tch_at_sk3tch.net: "RE: TS/3389 risk on Internet"

    Relevant Pages

    • Re: Security Education in the Workplace
      ... You said you did threat modelling. ... building better security tests and have them hooked into the master build ... used to approach the education in the workplace, ... This would mean in many cases the materials ...
      (SecProg)
    • RE: User Education (was: New article on SecurityFocus)
      ... Those responsible for the education ... > security relates to their job - about the only time they run into it is ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • RE: Why Easy To Use Software Is Putting You At Risk
      ... So even if you do not want the piece of paper - education never hurts. ... Can Easy To Use Software Also Be Secure ... because DNS does not configure properly or security permissions are ... easier to work with then they use to is developers have created ...
      (Security-Basics)
    • Re: [fw-wiz] The home user problem returns
      ... > With the current state of Internet software, ... > We're wasting our breath in general. ... >>User education still needs to happen ... Security" and Paul's "Something About Security". ...
      (Firewall-Wizards)
    • RE: User Education (was: New article on SecurityFocus)
      ... Those responsible for the education ... security relates to their job - about the only time they run into it is ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)