An industry association has been created for ethical hackers, in a bid to reassure buyers of systems and applications that such products have been sufficiently tested.
The Council of Registered Ethical Security Testers (Crest) made its public debut on Wednesday at the Infosecurity Europe conference in London. The aim of the council is to standardize ethical penetration testing and provide professional qualifications for the testers.
Crest chair Paul Docherty said: "Penetration testing is a widely accepted method of assuring information security and has become an integral part of many organisations' operational and technology risk management programs."
"Yet despite the widespread use of penetration testing, there has historically been a definite lack of agreed commercial standards and practices. We formed Crest with a number of other providers in order to supply a high level of standard to companies who engage with security testers," he added.
Crest's advisory panel includes representatives from insurance group Aviva, Lloyds TSB and the NHS.
Member companies are part of the new Crest trade body, which will govern the Crest professional body that provides for individuals who are not employed by the member companies, in areas such as exams.
Crest is running certification examinations in two streams: infrastructure testing and Web-application testing. Testers can either apply for certification at the corporate level or on a standalone level as a "Crest associate".
Play video
There are currently no comments for this post.