Hacker News

I believe a LOT of security testing will evolve to QA and software testing. There, a LOT of issues will be found. Instead of micro-focuses (in the past), the CD approach can test the whole system, which is a huge leap forward.

Pen-tests should be good reality checks to ensure the system is working, and that it is sufficient to withstand current attacks.

Sometimes companies are very smug and need the reality check. Boards are starting to request them to ensure the confidence is warranted.

I've also seen pen tests used as a tool to GET funding. Fail one big time due to known vulnerabilities just to show how messed up things really are...then get a budget to fix them.




The smugness thing really hits home. Sometimes clueless, overconfident or downright negligent people are so embedded in a culture that an outside expert opinion is exactly what's needed.

Thanks for the reply.



