Security Code Inspection/Review Cost Estimates
When offering Security Code Inspection services [any services, in fact...] I am asked by customers for cost estimates - pretty expected behavior.
How to estimate expected effort? The detailed guide for Security Inspection is here.
One thing to point out, though [scroll down to EEG Considerations when navigating to the above link]:
"In practice, EEG [Engineering Excellence Group within MS] has found that a higher volume of significant defects is found when reviewers limit themselves to 250–500 lines of code per hour."
That means if you are:
1. A Security Specialist, it can help you estimate your effort and give a realistic price quote to your customer.
2. The customer requesting the Security Inspection services, it may give you a hint of what you are being charged for...
Cheers