While hiring security specialists with a staff roll of cleared and sanitised white hats is one avenue, companies also hire individuals and less established groups to test their security. As Kenneth de Spiegeleire, manager of security assessment services at ISS, points out: "Unfortunately, not all service providers respect the same code of conduct or rigorous testing methodology.". . .
While hiring security specialists with a staff roll of cleared and sanitised white hats is one avenue, companies also hire individuals and less established groups to test their security. As Kenneth de Spiegeleire, manager of security assessment services at ISS, points out: "Unfortunately, not all service providers respect the same code of conduct or rigorous testing methodology."

Toby Ben, products manager at Access Research, agrees. "I class myself among the white hats," he says. "I've been through the checks required by my employer, a security specialist.

"But if you're a company and you want to hire a prospective hacker, it's more difficult. You don't have the resources."However, Ben does see a light at the end of the tunnel. "In the short term, the best way is to go with a recognised penetration team. These teams base their entire existence on being able to do comprehensive evaluations.

The link for this article located at vnunet is no longer available.