Re: Government Compliance

From: David J. Bianco (bianco@jlab.org)
Date: Thu Jun 16 2005 - 08:07:43 EDT


Dave wrote:

> "... The guidance for penetration testing was reviewed at [department
> committee] meeting... penetration testing shall consist of [product
> name deleted] vulnerability scans and running [product name deleted]
> for cracking passwords... if this has been done AgencyX shall get
> credit for penetration testing...."
>

Of course, I think most of us on this list would agree that this
definition doesn't actually cover penetration testing. It's more like
what we typically call "vulnerability assessment" (if we're charitable).
However, there are a lot of "penetration testers" who define their job
as indicated above, so it's easy to see where this kind of confusion
comes from.

IMHO, it's probably not worth quitting your job over, but good luck to
you if you do decide to look elsewhere.

        David


