3) never use the results of a pen test as a "punch list" to attain
security
You are right, but very sadly, that's how it gets used by a lot of companies....
"hey, the pen testers found problem 1, 2, 3 - we fix those, we are fine". No way. But still.... I've seen this done in a lot of places....
Best,
Daniele
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php