Penetration Testing mailing list archives
Re: [PEN-TEST] Penetration Testing Ethic
From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Wed, 13 Sep 2000 19:33:29 -0400
I have always had a problem with companies that not only perform the security audit and make recommendations but perform the fixes as well... Is it not in their interest to leave a few holes here and there so that their report doesnt look so bare when they come back for repeat testing..
Personally I feel this is what third party verification is all about. Why would you want to depend solely on the output of one company? Shady businesses may deal this way but it would be more effective for a company to be ethical upon the matter and as someone who is using these services I say it should be there responsibility to check their credentials. Aside from this it would be more effective to report things entirely as it establishes trust between the vendor and client, and as we all know security changes so fast so there'll always likely be reasons to come back for future business. Jesus Oquendo ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup
Current thread:
- Re: [PEN-TEST] Penetration Testing Ethic J. Oquendo (Sep 14)
- Re: [PEN-TEST] Penetration Testing Ethic Bill Pennington (Sep 14)
- <Possible follow-ups>
- Re: [PEN-TEST] Penetration Testing Ethic H Carvey (Sep 14)