So far in this series, we’ve discussed what ethical hacking is and what to look for in someone you hire to test your code. Those are the initial considerations when starting the ethical hacking process, but now the hacker is done and has data for you to review. What happens next is all up to you. While ethical hacking is part of compliance, it’s not just a box to check off when testing is complete. You have to actually do something with the data yielded during the hacking process.
A vanity test is a useless, expensive waste of money. You are essentially bringing someone in to break into your systems, hunt you down and kill your business. You want them to figure out all of the bad things that are hidden in your system that you don’t know are there. Then you’re going to sit on that data and do nothing with it so you can check a box and say you did the test. It keeps you in compliance, so maybe you avoid a fine, but it’s really not doing you any good. And if something does happen, now you are actively negligent.
***Click here for full text***