Penetration Testing mailing list archives

Re: [PEN-TEST] Penetration Testing Ethic


From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Wed, 13 Sep 2000 19:33:29 -0400


I have always had a problem with companies that not only perform the security audit and make recommendations but 
perform the fixes as well... Is it not in their interest to leave a few holes here and there so that their report 
doesn't look so bare when they come back for repeat testing..


Personally I feel this is what third party verification is all about. Why would you want to depend solely on the output 
of one company?

Shady businesses may deal this way but it would be more effective for a company to be ethical upon the matter and as 
someone who is using these services I say it should be their responsibility to check their credentials.

Aside from this it would be more effective to report things entirely as it establishes trust between the vendor and 
client, and as we all know security changes so fast so there'll always likely be reasons to come back for future 
business.

Jesus Oquendo
