Penetration Testing mailing list archives
Re: Pentest Letter of Achievement/Certificate
From: Michael Sierchio <kudzu () tenebras com>
Date: Wed, 13 Jul 2005 11:27:08 -0700
Tom Van de Wiele wrote:
I find the concept of giving someone a certificate for resisting a penetration test very dangerous. Nothing can guarantee that after the test (especially a blind penetration test) all vulnerabilities havebeen found and identified.
It's all a matter of what the certificate attests to and how it is interpreted. I see nothing wrong with a statement affirming compliance with consensus best practice, or acceptable resistance to the known, relevant vulnerabilities on a certain date, etc. This is by no means a guarantee of "safety" or "security," but it might be a useful tool in establishing a disciplined approach to risk. Dubious analogy: my mechanic signs an inspection certificate that says that the tire pressure, chain tension, steering, brakes, etc. are in good condition on my motorcycle -- he's not promising that I won't crash.
Current thread:
- Re: Pentest Letter of Achievement/Certificate, (continued)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Tom Van de Wiele (Jul 13)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Tom Van de Wiele (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Travis Good (Jul 13)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- RE: Pentest Letter of Achievement/Certificate Paul Fields (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Mike Klingler (Jul 15)
- RE: Pentest Letter of Achievement/Certificate Lyal Collins (Jul 15)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Matthew J. Harmon (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Mark Teicher (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Michael Sierchio (Jul 13)