Penetration Testing mailing list archives

Re: They will protect me (won't they?)


From: Jamie Riden <jamie.riden () gmail com>
Date: Wed, 11 Feb 2009 07:36:38 +0000

Hi Adriel,

Marcus Ranum for one disagrees -
http://www.ranum.com/security/computer_security/editorials/point-counterpoint/pentesting.html
- so I think it's a little bit misleading to say that all seasoned
security professionals think pen-test is necessary. I don't agree with
Marcus by the way.

Fresh perspective is good, but it's also possible to get a fresh
perspective by getting an external auditor - i.e. a white-box test -
rather than pen-test (black box).

I'm obviously going to agree with your main point that everyone needs
to secure their infrastructures!

cheers,
 Jamie

2009/2/11 Adriel T. Desautels <ad_lists () netragard com>:
Jamie,
       I understand your perspective but it's not the perspective of any well
seasoned security professional.  The fact of the matter is that
external teams will always identify risks and provide new perspective that
you would not get from your internal team. Internal teams get stale.
There's a lot more to what I'm saying than what I've just written, but if
you read between the lines I hope you understand where I'm coming from.

-- 
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
http://www.ukhoneynet.org/members/jamie/


