From: Pete Herzog (lists@isecom.org)
Date: Tue Mar 04 2008 - 12:36:54 EST
Hi,
Ivan Arce wrote:
<snip>
> Going back to the original comments about CORE IMPACT and the 'count of
> exploits' I'd like point out just that throwing numbers without
> qualifying the measurement criteria and the relevance of the methodology
> is not a very serious assessment of a product's capabilities, its
> suitability for a given use or the value it may provide to a security
> professional.
I'd like to add as a person not actually selling products or having any
commercial ties to any software tool maker that Ivan is correct here.
There are so many important variables to how a tool should work that
judging on numbers alone of something that has no clear standard for how it
should be counted is just ignorant.
-pete.
www.isecom.org
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:26 EDT