On a side note, I believe hackers who expose security holes publicly are wrong. Such exposures does not allow a vendor time to fix the problem before the exposed hack is likely used by the now informed public. The way I see it, the only right way to expose discovered security holes is to inform the vendor, period. Any further actions are only born from a desire for recognition. A fact for which IT vendors could capitalize.

On a side note, I believe hackers who expose security holes publicly are wrong. Such exposures does not allow a vendor time to fix the problem before the exposed hack is likely used by the now informed public. The way I see it, the only right way to expose discovered security holes is to inform the vendor, period. Any further actions are only born from a desire for recognition. A fact for which IT vendors could capitalize.

The point here is pretty simple: if we don’t check ourselves to see if we have weaknesses, someone else will. We should not simply wait to be attacked using various methods that we’re too lazy to find ourselves.

Penetration testing is an excellent way to test mature security programs. It doesn’t prove security, but if it uncovers something, that information is often invaluable.

The point here is pretty simple: if we don’t check ourselves to see if we have weaknesses, someone else will. We should not simply wait to be attacked using various methods that we’re too lazy to find ourselves.

Penetration testing is an excellent way to test mature security programs. It doesn’t prove security, but if it uncovers something, that information is often invaluable.