To what extent and to whom will you authorize to do that? 100 random college students? X number of new security firms? At some point it will break.
-- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume. > On Jun 20, 2022, at 17:04, b...@theworld.com wrote: > > > It seems to me there's vulnerability testing and there's vulnerability > testing and just lumping them all together motivates disparate > opinions. > > For example it's one thing to perhaps see if home routers > login/passwords are admin/admin or similar, or if systems seem to be > vuln to easily exploitable bugs and reporting such problems to someone > in charge versus, say, hammering at some network to see when/if DDoS > mitigation kicks in. > > For example I've gotten email in the past that some of my servers were > running ntp in a way which makes them vuln to being used for DDoS > amplification and, I believe, fixed that. I didn't mind. > > Anyhow, you all probably get my point without further hypotheticals or > examples. > > Scanning for known vulns and reporting can be ok, testing to > destruction? Not so much. > > -- > -Barry Shein > > Software Tool & Die | b...@theworld.com | > http://www.TheWorld.com > Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD > The World: Since 1989 | A Public Information Utility | *oo*