Penetration Testing mailing list archives

Re: [PEN-TEST] Penetration Testing Ethic
From: edison <edison () DHP COM>
Date: Wed, 13 Sep 2000 16:46:55 -0400

I don't know about anyone else, but I'm _thrilled_ when a report comes
back bare.  But it's not uncommon for corporations to choose different
pen-test companies each year/test.  If that were the case, then I
definitely would want the succeeding report to be empty.

On Wed, 13 Sep 2000, Mathew Bevan wrote:

This follows on from the pen testing cost thread, Alexander Sarris raised
the point about being sold repairs multiple times..

I have always had a problem with companies that not only perform the
security audit and make recommendations but perform the fixes as well... Is
it not in their interest to leave a few holes here and there so that their
report doesn't look so bare when they come back for repeat testing..

Obviously this is an ethical issue and something I feel shouldn't happen,
this operating on both sides of the fence situation..

What does everyone else feel about this?

Mathew Bevan aka Kuji (RL 1994)
