by spongle 4636 days ago
Actually, as a solution architect I have to deal with all sides of the problems: people attacking, audit companies, penetration testing companies and software engineers leaving gaping holes.

The only people who deliver little value are the paid-up consultants. When a full penetration and code review misses 4 purposely placed obvious vulnerabilities (by myself) they get told to fuck off. Application firewalls which are circumvented trivially. QoS solutions that don't work.

So far, four well-known, well-respected companies offering certification and testing have missed the holes and have been fired.

That's the problem: no delivery.

My attitude might be wrong in your eyes but I refuse to employ box tickers, which is what the entire white hat side of the industry is about. Canned report, where's my cheque?

No seesaw other than a bent, twisted one that sucks up cash in exchange for a half-arsed job.