https://community.isc2.org/t5/Industry-News/quot-Crowdsourced-quot-pen-testing/m-p/19641#M2310 <P>OK, what's the difference between <A href="https://www.cyberscoop.com/hackerone-penetration-testing/" target="_blank" rel="noopener">crowdsourced pen-testing</A> and just standing there saying "hit me"?</P> Sat, 02 Mar 2019 19:55:34 GMT rslade 2019-03-02T19:55:34Z https://community.isc2.org/t5/Industry-News/quot-Crowdsourced-quot-pen-testing/m-p/19641#M2310 <P>OK, what's the difference between <A href="https://www.cyberscoop.com/hackerone-penetration-testing/" target="_blank" rel="noopener">crowdsourced pen-testing</A> and just standing there saying "hit me"?</P> Sat, 02 Mar 2019 19:55:34 GMT https://community.isc2.org/t5/Industry-News/quot-Crowdsourced-quot-pen-testing/m-p/19641#M2310 rslade 2019-03-02T19:55:34Z https://community.isc2.org/t5/Industry-News/quot-Crowdsourced-quot-pen-testing/m-p/19658#M2313 <P>I think there is a model, some traceability, RoE etc for HackerOne(which seems to be the Uber of pen test companies - but you only pay if they get you there), doubt gov, sneakey sneaky beakies etc will be able to use them... and isn’t the “hit me”covered by having a service up, users browsing, having some capital/value or being of interest to one or more sides aforementioned sneaky beakies?</P> Sun, 03 Mar 2019 09:56:13 GMT https://community.isc2.org/t5/Industry-News/quot-Crowdsourced-quot-pen-testing/m-p/19658#M2313 Early_Adopter 2019-03-03T09:56:13Z