Posted by: Vipin | December 3, 2009

Who owns the “security” testing?

“Security” – one of the prime concerns of the Internet world.  Today we are living in a world where many things can be done over the Internet.  Many of us have not visited our banks for a money transfer for months or years.  Everything happens at the click of a mouse button.  Easy and simple, but with possible hidden vulnerabilities.

We can find a lot of automation tools for many of the testing activities.  They have a clear owner: the Quality Department.  But when it comes to the security aspect, in many places, I was not able to find a real owner.  Everybody would like to do security testing in a continuous manner.  There are excellent tools available in the market.  In my experience, automation never goes beyond a Proof of Technology (PoT) session.  Either the company is getting scared about the present status, or, most of the time, there is confusion about who should own this and take it forward.

In an Internet economy, when we can find persons responsible for making sure of the functionalities of the system, it is much more important to find somebody who is responsible for the security of the applications.

Spend some time to understand more about automation in this regard.

