Secure Coding mailing list archives
ddj: beyond the badnessometer
From: muscetta at gmail.com (Daniele Muscetta)
Date: Fri, 14 Jul 2006 12:33:19 +0200
On 7/13/06, Gary McGraw <gem at cigital.com> wrote:
> 3) never use the results of a pen test as a "punch list" to attain security
You are right, but very sadly, that's how it gets used by a lot of companies.... "hey, the pen testers found problem 1, 2, 3 - we fix those, we are fine". No way. But still.... I've seen this done in a lot of places....

Best,
Daniele