Pierce, Justin D., Jones, Ashley G. and Warren, Matthew 2005, A taxonomy of penetration testing ethics, in Conference proceedings of AiCE 2005 Geelong, September 26th, 2005, fourth Australian Institute of Computer Ethics Conference, Deakin University, School of Information Systems, Geelong, Vic..
In an environment where commercial software is continually patched to correct security flaws, penetration testing can provide organisations with a realistic assessment of their security posture. Penetration testing uses the same principles as criminal hackers to penetrate corporate networks and thereby verify the presence of software vulnerabilities. Network administrators can use the results of a penetration test to correct flaws and improve overall security. The use of hacking techniques, however, raises several ethical questions that centre on the integrity of the tester to maintain professional distance and uphold the profession. This paper discusses the ethics of penetration testing and presents our conceptual model and revised taxonomy.
Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact firstname.lastname@example.org.