Re: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )
- From: "Andre Gironda" <andreg@xxxxxxxxx>
- Date: Mon, 31 Dec 2007 20:36:49 -0700
On Dec 31, 2007 2:13 PM, secreview <secreview@xxxxxxxxxxxx> wrote:
> Not sure about our readers, but to us at Secreview that hardly
> makes Adam an IT Security Expert.
>
> But wait, now we have a discrepancy...
Pardon me, but who is this? "secreview"? Who is behind this email
address? If you don't identify yourself then I assume that this
entire thread is some sort of vengeance play.
> According to the QuietMove website, Adam "has over 14 years of experience in
> information security, software, and product R&D with 8 years being dedicated
> solely to security." His QuietMove bio goes on to say "Adam's particular
> talents include penetration testing of web and binary applications,
> networks, systems, and SCADA, "social engineering" and physical penetration
> of facilities, and in developing professional services offerings."
>
> This just doesn't add up.
I can vouch for Adam's 14 years of experience and then some. When I
met Adam in 1992, he already had a strong command of Unix security.
He was an administrator (1 of 4 total over 7 years) of Unphamiliar
Territories (UPT), a vulnerability research BBS that ran from 1989 -
1996. It was a prominent place for information about vulnerability
research. Many held it in higher regard than Phrack magazine or any
leading website/magazine during that time period.
Sites such as PullThePlug, HackThisSite, etc. all borrowed ideas from
UPT, and the code was re-used and made available in Phrack magazine as
well as integrated into the Linux kernel or features thereof. UPT was
about 5-6 years ahead of the NSA before they released SELinux and 7-8
years ahead of projects such as GRSecurity. Anyone making such an
enormous contribution to this sort of project has certainly provided a
greater service to our industry than a "secreview"/company-bashing
organization such as yourself.
> Anyway, remember we didn't set out to bash anyone here
Well then you should read your email before you hit the "send" button.
> but Adam/QuietMove
> put himself/themselves in the line of fire. QuietMove appears to be a very
> small and disorganized shop. Their website is half-assed and incomplete and
> we can't say anything better about their talent profile. We suggest that
> QuietMove complete their website and review their talent profile, then we'll
> set out to do another review and see if they score better. As of right now,
> we can't give them more than a D-. We'll keep an eye on their website and
> redo this review if they ever fix their issues.
Many small businesses such as QuietMove have a hard enough time
staying alive in this industry. I suggest you "pick on someone your
own size" even if you have a legitimate problem with QuietMove or
Adam.
Compared to the other companies that you mentioned (Accuvant, IBM/ISS,
Pegasus), QuietMove will certainly provide a much more friendly
service environment for companies to work in. I would put my
recommendation of quality on the work QuietMove does as A+. There are
few PCI ASVs or penetration testing companies that I would find any
value in -- and QuietMove exceeds my expectations in this area.
Cheers,
Andre
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/