Security pentesting can be a slow, often expensive process for software companies. And the results often show where a product stands at a moment in time, not as a dynamic entity.
Companies traditionally approach pentesting in two ways. The first is to hire in-house pentesters, an option large banks often choose. But that can be challenging, as pentesters are in high demand and aren’t always available. The second approach is to use a traditional management agency or security consultancy. While each consultation project may be highly customized, they often take a long time to put together because all stakeholders need to agree on specifics, which could mean weeks before testing can start.
“Neither model, whether building in-house pentesting or outsourcing individual projects, fits with current software development practices,” said Caroline Wong, Chief Strategy Officer at Cobalt, a Pentest as a Service (PtaaS) Platform. “Everything is moving much faster because software development is iterative today.”
Read more here.