Not reading pen testing reports is a known and hard to patch vulnerability. Should we give it a CVE, @xme wonders http://blog.rootshell.be/2015/02/26/the-evil-cve-cve-666-666-report-not-read/ …
-
@bartblaze@virusbtn@xme Compliance-based testing fuels the industry. It's also its curse.
@william_knows @virusbtn @xme Good point. Which compliances would that be, any specifics? Thanks.
-
-
@bartblaze@william_knows@virusbtn True! Pentesting is not a bullet point in a checklist! -
@xme@bartblaze@virusbtn I think it can be if it encourages people to do one. The key is having the requirement to act on its results. - Show replies
New conversation -
-
-
@bartblaze@virusbtn@xme e.g. PCI DSS (both VA and pentest in v3); 27001 ("technical compliance review"); CHECK + Cyber Essentials (UK).Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.