$ list --filter=quote-only
18 of the 20 vendors in this index publish tier structures (or nothing) but no usable dollar figure. Here they are with what to ask before signing.
Eighteen of the twenty vendors tracked here are quote-only: Cobalt.io, HackerOne, Bugcrowd, Synack, NetSPI, Rapid7, Bishop Fox, Trustwave SpiderLabs, Coalfire, Praetorian, Mandiant, CrowdStrike, Secureworks, Pentera, Intruder.io, BreachLock, DeepSeas Red (ex RedTeam Security), Schellman. Cobalt and BreachLock publish tier maps; the rest route every product to a sales call. None of this is unique to pen-test; it mirrors the wider enterprise-security purchasing pattern.
Last verified June 2026
$ vendors --list
$ before-signing --questions
Send every quote-only vendor the same twelve-question RFP. The answer-quality difference is itself a buying signal. See the RFP template.