#1331 PENT - Penetration testing - separate research and testing elements change request accepted
Separated into the skills that ‘research, discover and develop exploits, reverse engineering and researching of mitigation bypasses’ and the skills to implement and test etc.
While many of the categories are reasonably accurate, it seems to me that while the ‘Research’ attribute is correct, there isn’t an ‘Applied Research’ equivalent in SFIA 7 – and also, this description is also only partially reflective of this skillset.
|
7.1 |
Research The systematic creation of new knowledge by data gathering, innovation, experimentation, evaluation and dissemination. The determination of research goals and the method by which the research will be conducted. The active participation in a community of researchers; communicating formally and informally through digital media, conferences, journals, books and seminars. |
|
7.2 |
Applied Research Vulnerability research and discovery, leading to the development of exploits, reverse engineering and researching mitigation bypasses. Cryptographic research leading to the assessment of existing algorithms. In the information security field, uses existing knowledge in experimental development to produce new or substantially improved devices, products and processes. |
Proposed change applies to Penetration testing
Current status of this request: accepted
What we decided
Accepted into broader review of security skills for SFIA 8.
What we changed
Vulnerability research skill proposed for SFIA 8.