Penetration Testing mailing list archives
Ethics (testing and mitigation)
From: Tony <tony_l_turner () yahoo com>
Date: Sat, 28 Feb 2009 21:04:46 -0500
Is it ethical for a security testing (VA, Pen-test, etc.) shop to provide mitigation services? If so, under what context? How to guard against the tendency to try to sell a customer the solutions that profit you the most instead of those that the customer needs the most? Should services be sold as a single blanket package or priced in such a way as to minimize this effect? How does this damage your credibility as an impartial tester? You don't have to answer all of this, just looking for discussion along these lines.
--
Tony L Turner CISSP/CISA/GSEC/ITIL
IT Security/Disaster Preparedness Consultant