Penetration Testing mailing list archives

pentest licensing


From: Pete Herzog <lists () isecom org>
Date: Sat, 20 Dec 2008 12:05:10 +0100

"professionalized" ourselves by requiring licensing.  The industry
reliance on certification rather than licensing as a credential somewhat
serves to muddy the waters because the decision makers hiring security

You think government-mandated licensing doesn't have the same problems? By blocking people who don't conform to the license model or can't afford it, you create a secondary culture which operates just outside the boundaries and undercuts the licensed professionals who are already feeling the pains of protective insurances and government regulation that the non-licensed people avoid and can spend on marketing. Furthermore, lobby groups with money to spend would dominate this licensing scheme in the best way it benefits them, lowering the bar of who can get licensed by skill but restricting it by price (and association). This fractures the market even more, confuses customers, and adds new cost burdens to security which must then either be government subsidized or added to the customer's cost.

The security market may be too fractured, too full of lies, and too arrogant to support a proper licensing program. Something simple like a mandate of stating the factual attack surface of a program, device, or product in general would go a long way to informing the customers of how exposed the new purchase will make them what they're buying and can track it and compare it to the results of the audits they're buying. Right now most people are buying black box inspections of boxes with unknown contents. I think the market would cut out many of the bad players if the customers knew what it was they were actually getting audited and what the results should be. Currently they're getting a lot of "clutch grease" inspections on automatic cars because they have no idea what's in the car.

-pete.

OPST, OPSA, OWSE, OPSE
www.isecom.org
