by noxToken
3278 days ago
> Big companies can even afford to make it a requirement of their release cycle. Oh man. I have a peer who works for a very large international company. They require pentests in their release cycle. What could go wrong? Turns out that pentesting isn't in the final portion of their release. They tag a release candidate (e.g. v5.7.0-rc), send that build to the pentesters, then fix other integration and user-acceptance bugs while the pentesters are working. The pentesters may greenlight v5.7.0-rc when it's really v5.7.3-rc that's shipping, and the pentesters are none the wiser. Security only works when the culture supports it.
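The gap noxToken describes is a binding problem: the sign-off is attached to a version family ("5.7 was pentested") rather than to the exact artifact that ships. The following is an added example, not code from the commenter or from any company they mention; the `Build`, `PentestSignoff`, `weak_gate` and `release_gate` names and the artifact bytes are constructed for illustration. It contrasts a gate that only checks the major.minor tag (which happily ships v5.7.3-rc on the strength of a v5.7.0-rc test) with one that binds the verdict to the SHA-256 of the tested artifact.

```python
"""Release gate: only ship the build the pentesters actually signed off on.

Constructed example modelling the failure mode in the comment above:
v5.7.0-rc goes to the pentesters, but v5.7.3-rc is what ships.
"""
import hashlib
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Build:
    tag: str
    artifact: bytes  # the release artifact (constructed stand-in for a real binary)

    @property
    def digest(self) -> str:
        return hashlib.sha256(self.artifact).hexdigest()


@dataclass(frozen=True)
class PentestSignoff:
    tag: str
    digest: str   # digest of the exact artifact the pentesters received
    verdict: str  # "pass" or "fail"


def record_signoff(build: Build, verdict: str) -> PentestSignoff:
    # Bind the verdict to the artifact digest, not merely to its tag.
    return PentestSignoff(build.tag, build.digest, verdict)


def weak_gate(candidate: Build, signoff: PentestSignoff) -> bool:
    """The process the comment describes: 'a 5.7 build passed pentest' is
    treated as covering every later 5.7.x release candidate."""
    same_family = candidate.tag.split(".")[:2] == signoff.tag.split(".")[:2]
    return signoff.verdict == "pass" and same_family


def release_gate(candidate: Build, signoff: PentestSignoff) -> Tuple[bool, str]:
    """Hardened gate: the candidate must be byte-identical to the tested build."""
    if signoff.verdict != "pass":
        return False, f"pentest verdict for {signoff.tag} is {signoff.verdict!r}"
    if candidate.digest != signoff.digest:
        return False, (
            f"shipping {candidate.tag} ({candidate.digest[:12]}) but the pentest "
            f"covered {signoff.tag} ({signoff.digest[:12]}); re-test or review the delta"
        )
    return True, f"{candidate.tag} is byte-identical to the pentested build"


def demo():
    """Run both gates over the scenario from the comment (constructed artifacts)."""
    tested = Build("v5.7.0-rc", b"app: login handler v1; export feature v1")
    signoff = record_signoff(tested, "pass")
    # Bug fixes landed while the pentest was running; this is what ships.
    shipping = Build("v5.7.3-rc", b"app: login handler v1; export feature v2 (post-rc fixes)")
    return {
        "weak_gate_ships_untested_build": weak_gate(shipping, signoff),
        "strict_gate_on_tested_build": release_gate(tested, signoff),
        "strict_gate_on_shipping_build": release_gate(shipping, signoff),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The strict gate does not say the fixes in v5.7.3-rc are unsafe; it only refuses to reuse a verdict for an artifact nobody looked at, which forces the team to either re-test or explicitly scope and review the delta before shipping.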