|
|
|
|
|
|
by IncludeSecurity
2069 days ago
|
|
|
This sort of thing happens even for high-end pentesting. Here is the same assessment done by four decent consulting companies. They all found risks that the other companies missed. https://ostif.org/four-audits-of-randomx-for-monero-and-arwe... This is what I'm giving to clients who have unreasonable expectation that all vulns should be found during an assessment. The usually "time boxed" nature of this sort of work does allows for 1.5 sigma when many companies always expect 3 sigma coverage. |
|
|