On 7/13/06, Gary McGraw <[EMAIL PROTECTED]> wrote:
3) never use the results of a pen test as a "punch list" to attain

You are right, but very sadly, that's how it gets used by a lot of companies....
"hey, the pen testers found problem 1, 2, 3 - we fix those, we are fine". No way. But still.... I've seen this done in a lot of places....


Secure Coding mailing list (SC-L)
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to