Before anyone talks about vulnerabilities to test for, we have to figure out
what the business cares about and why. What could go wrong? Who cares? What
would the impact be? Answers to those questions drive our testing strategy, and
ultimately our test plans and test cases.
All,
I just read Robert's blog entry about re-aligning training expectations for
QA. (http://bit.ly/157Pc3) It has some useful points that both developers and
so-called security people need to hear. I disagree with some implicit biases,
however, and I think we need to get past some stereotypes