Penetration Testing mailing list archives

Re: How to go about looking for a pen-tester


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 4 Jun 2001 00:20:47 -0400 (EDT)

On Sun, 3 Jun 2001, Etaoin Shrdlu wrote:

hellNbak wrote:


        [SNIP]


Sure, but references are not always possible. Many penetration tests
will be covered by non-disclosure agreements. Companies are risk-averse,
as they should be, and this particular area is seen as one that does not
lend itself to the next big marketing campaign. I can see it now:
"BigCompany announces successful penetration testing by Ernst and Young.
Only five compromised machines this time!"


I do not think "references" has to be taken in this context.  A company
can affirm their dealings with another without divulging too much
secured information in the process.  Just because I acknowledge I hired a
firm to test my systems does not have to in any way imply weakness was
discovered.  So, references should be possible for anything but a startup
firm and then even in that case, references of partners' or consultants'
prior work experience in the field might well and should be able to be
presented, yes?

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

