London software testing news UK

Security testing and ethics

Posted in security testing by testing in London on March 15, 2009

From eWeek

How do responsible security researchers work? It’s not exactly the same field as botnet research, but I think you can get a good sense of good principles from the Fundamental Principles of Testing for the AMTSO (Anti-Malware Testing Standards Organization): Never create new malware and protect the public networks from the research at all times.

Alex Eckelberry, CEO of Sunbelt Software, commenting on this in a post to the funsec mailing list, says it well:

…malware researchers routinely deal with botnets for analysis purposes. It would be considered a high crime indeed to allow a spambot to actually send spam to the outside world, even for “testing” purposes. And, shutting down a botnet yourself, even with the best intentions, is simply not a good idea. You don’t know what accidental harm you may cause. You also don’t really know what’s on the user’s system that will simply restart the whole process.


One Response to 'Security testing and ethics'


  1. Deepak said,

    Please send me the articles for security testing
