Legalities and Penetration Testing

[David Stack <dstack () UWSA EDU>]

I’m new to the list, so I apologize if this has been discussed already. I did a scan of the group archives and did not 
find anything directly relevant.

We are on the verge of contracting with a vendor to do some penetration testing and have run into concerns about how 
penetration testing could get us and/or the vendor in legal trouble.

http://www.techrepublic.com/article/dont-let-a-penetration-test-land-you-in-legal-hot-water/

Could any point me to a more concrete list of best practices regarding legal terms and conditions for penetration 
testing contracts?

Thanks in advance!

— David

David Stack
Interim Associate VP & CIO
University of Wisconsin System
dstack () uwsa edu