Three crazy ideas for reforming the penetration testing industry
Posted on 2020-10-02 by Matt Strahan in Industry
In two posts I looked at how it’s almost impossible to validate penetration testing results, and at where an “Evilfirm” penetration testing firm might cut costs and invest.
As much as we like to think we’re unique, there are other industries that have exactly the same issues as we do. They face the same situation: you can’t really verify the results, because what you’re after is the skills of the other party. Some do it badly (I still don’t quite trust my mechanic), but others have made great strides in solving this problem.
Could we potentially use some of the ideas from other industries to do things better?