[Dailydave] So when will the end of pen-tests begin?
Saad Kadhi
saad at docisland.org
Thu Nov 23 03:18:28 EST 2006
On Nov 23, 2006, at 5:48 AM, Isaac Dawson wrote:
> So when will these tests end? 5-10 years? 20? I know we will
> 'always' need security validation, but will customers
> be willing to spend the (sometimes insanely overpriced) amount for
> these types of tests?
> Is anyone else thinking about what they will do next? :)
Turning to risk-based security testing and working in an "inside-
>out" fashion for big software shops?
I don't think pen-tests will "end". Think about the actual trend of
distributed components, SOA etc. They may need recalibration (for ex.
by acquiring more knowledge beforehand on the inner guts of software
instead of a Black Box approach) and skills' honing but they still
and will remain an essential part of software security.
--
Saad Kadhi - http://saad.docisland.org/
"He who relieves the poor makes Ahura king"
More information about the Dailydave
mailing list