Quite a varied list. As one respondent put it (possibly paraphrased) "security testing is like underwear, everyone has their own preference". In this case we are likely to go with one of the vendors suggested by our client who has done work for them before and who they feel comfortable with. Thanks for your feedback, everyone, and I hope I didn't miss any. VZB (Verizon Business) IBM ISS (multiple positive) SecureWorks MSS (multiple positive recommendations, multiple negative) Sysnet (sysnet.ie) Deloitte (reported poor result) British Telecom Managed Services Mandiant Inguardians (multiple positive) Metasploit Rapid7 BreakingPoint Counterpane MWR Infosec Corsaire KPMG (negative) Vulnerability Research Labs C2 Company Fishnet Security Neohapsis Trustwave/Ambiron (multiple positive, multiple negative) Terremark Qualys Foundstone Netcraft Patch Advisor Praetorian Global Netragard Enclave Core Security Technologies Matasano Stach & Liu Gotham Digital Science Secure Network Technologies