Penetration Testing mailing list archives

Re: [PEN-TEST] Penetration Testing Ethic


From: edison <edison () DHP COM>
Date: Wed, 13 Sep 2000 16:46:55 -0400

I don't know about anyone else, but I'm _thrilled_ when a report comes
back bare.  But it's not uncommon for corporations to choose different
pen-test companies each year/test.  If that were the case, then I
definitely would want the succeeding report to be empty.

On Wed, 13 Sep 2000, Mathew Bevan wrote:

This follows on from the pen-testing cost thread, where Alexander Sarris raised
the point about being sold repairs multiple times.

I have always had a problem with companies that not only perform the
security audit and make recommendations but perform the fixes as well. Is
it not in their interest to leave a few holes here and there so that their
report doesn't look so bare when they come back for repeat testing?

Obviously this is an ethical issue and something I feel shouldn't happen,
this operating-on-both-sides-of-the-fence situation.

What does everyone else feel about this?

Mathew Bevan aka Kuji (RL 1994)
