Board: Service Announcements
Re: Camp BX Hacker / Security Audit: Results
by itsagas on 29/06/2011, 16:51:36 UTC
While it is great you have had this done, this is mostly marketing. Unless there were some other tests done, you are being very misleading about what this really means.

Quote
"(formerly McAfee Hacker-Safe), who are ranked #1 in security industry for threat detection"
Ranked #1.  When and by whom?

Quote
"We were tested for >1,000 known vulnerabilities specific to our platform"
Really?  How were the tests specific to your platform?  To my knowledge, and after talking to them on the phone today, there is only one McAfee Secure product.  It is a standard daily PCI scan that is the same for everyone who buys that product.  You can be set up and have them scanning you within hours by putting some code on your site.  As their rep said on the phone, "it is all in the cloud, you just put the code on your site and we scan every day."

Quote
We have also achieved all requirements for the McAfee Secure Trustmark
The trustmark is just a badge you get for passing all the automated tests every day.  It is a marketing "bonus" to show your customers you got the scan done; there are no additional tests involved.  They even say on their site that by displaying the badge customers got a "12% increase in sales conversions".

Quote
certified for compliance with 7 information and data security standards
Is this what McAfee says you have passed from using their McAfee Secure product?  Or do you have other tests?

Itsagas,
I think there may have been a couple of miscommunications on your call - McAfee has three products: (1) McAfee Secure, (2) McAfee PCI Certification, and (3) McAfee SaaS Vulnerabilities Scan.

Sales teams are not the best source for technical answers.  Please open a ticket with their support team, who will be able to tell you far more details.

Essentially, the test includes a set of probes to guess what software / versions you are running, and then the specific test battery starts.  I have the full log available to me, and can share it with a reputable member of the Bitcoin forum for independent verification.

And as I mentioned a couple of messages back, McAfee is just one facet of our approach.  We are using everything from Nmap to peer reviews to find holes before launch.

Hope this helps,
Keyur

Thanks Keyur, I am aware of what they offer, I talked to them at some length.  Here are their three products.  There actually aren't different tests involved between the three.
http://www.mcafeesecure.com/us/products/compare_products.jsp

Yes, you fill out a questionnaire and then the tests start.  Then the tests are the same every day.  I understand.  I am just saying to admit to what this actually is.

No doubt you have logs full of tests; no one is questioning that you signed up and did McAfee Secure.  The tests in your logs will be the standard tests that the McAfee Secure daily PCI scan gives to every website that pays for that service.