Ethical hackers face new test - 22 Mar 2007 - Computing.co.uk
Article covering the launch of CREST, a uk based scheme to certify ethical hackers, and comparing it to the current CHECK scheme run by the UK government.
I think that a system like this is definitely a good idea, although it needs to go further than the CHECK scheme did in certain areas.
Personally I don't think that the CHECK system was especially relevant to non-government organisations apart from to give that comfort factor around trustworthiness (although even that had little practical effect as most clients would want contracts/NDAs signed regardless)
Where I'd hope CREST will develop is to provide more specialism in where the individual will be certified. For example someone who's a great web application tester would be certified specifically for web application testing and wouldn't necessarily be certified for database security testing or Firewall security testing. this would give clients a much better level of assurance that the people doing the work have a good level of knowledge in that specific area.
Leave a comment