by iancmceachern
836 days ago
Not really, because these things aren't defined. There is no definition or standard to which you would do your in-house tests. It's not like other things where you design it to comply with ISO whatever and then you test to that. Here the standard, so to speak, is defined by the penetration test itself. An example is safes. No safe is untraceable. Safes are spec'd by number of minutes to resist a tool attack. Then when a safe company goes to UL or whatever to certify the safe, UL technicians get the best commercially available tools and try their best to break into the safe and time themselves. If it takes them more than the spec, it passes. Here there is no spec. There is no defined time. There is no standard. It's just up to what you can get the penetration test house to agree to write.

I'm not really sure why the lack of such a standard definition prevents people from writing that down and then being willing to back up their words.
I can see a time-efficiency argument, a cost-reduction argument, etc., for standard definitions here, but at the end of the day, they're not necessary.
The companies that offer the most credible products, verified via third-party testing, get FDA approval. Everyone else gets weeded out.