

Originally published in Queue vol. 9, no. 9



Have a question for Kode Vicious? E-mail him at [email protected]. If your question appears in his column, we'll send you a rare piece of authentic Queue memorabilia. We edit e-mails for style, length, and clarity.



Sven Türpe | Wed, 11 Jan 2012 19:29:39 UTC

We collected a few strategies for production-safe(r) testing in a short paper a while ago (http://testlab.sit.fraunhofer.de/downloads/Publications/tuerpe_eichler_Testing_production_systems_safely_-_Common_precautions_in_penetration_testing_TAIC_PART_2009.pdf). These strategies stem from our experience in penetration testing, which is often done in production environments and is inherently intrusive. My recommendation to Locked Down and Out would be to evaluate the risks of debugging and options for mitigation, to make a test plan, and discuss this plan with the pertinent stakeholders. He or she should also try to get management support for the idea that it is worthwhile to hunt down this bug. A document on the table will help stakeholders to make the objections raised more specific and to discuss how to handle them, and management support ensures that at some point a decision will be made.


© 2018 ACM, Inc. All Rights Reserved.