by digital_sawzall
903 days ago
> What percentage of the vulnerabilities discovered are independently discovered by multiple pen testers?

I'd warrant nearly all of them, though it may take a while. If you have ever submitted to or worked with a bug bounty program, you will run into dozens of duplicates. I've personally performed and overseen assessments in which the company had already done a complete blackbox pentest and wanted a second whitebox review to make sure the first company knew their stuff and to validate that they found the same bugs. Also did a few of the honeypot assessments in which companies put purposely vulnerable code in to make sure 'we are doing our job'; I hate those most. Depending on the tester's speciality, of course, the reports often found the same or similar issues.

Source: 15 years as a pentester, offensive security engineer, and now security architect.
Why guess when the other commenter has the actual data...?