mailing list archives
Re: [PEN-TEST] Penetration Testing Ethic
From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Wed, 13 Sep 2000 19:33:29 -0400
I have always had a problem with companies that not only perform the security audit and make recommendations but
perform the fixes as well... Is it not in their interest to leave a few holes here and there so that their report
doesnt look so bare when they come back for repeat testing..
Personally I feel this is what third party verification is all about. Why would you want to depend solely on the output
of one company?
Shady businesses may deal this way but it would be more effective for a company to be ethical upon the matter and as
someone who is using these services I say it should be there responsibility to check their credentials.
Aside from this it would be more effective to report things entirely as it establishes trust between the vendor and
client, and as we all know security changes so fast so there'll always likely be reasons to come back for future
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup
- Re: [PEN-TEST] Penetration Testing Ethic J. Oquendo (Sep 14)