Pentest reporting and the remediation cycle: Why aren’t we making progress? [CyberWire-X]

The age-old battle between offensive and defensive security practitioners is most often played out in the penetration testing cycle. Pentesters ask, “Is it our fault if they don’t fix things?” While defenders drown in a sea of unprioritized findings and legacy issues wondering where to even start.
But the real battle shouldn’t be between the teams; it should be against the real adversaries. So why do pentesters routinely come back and find the same things they reported a year ago? …

age cyberwire defenders defensive defensive security don findings fix legacy making offensive old penetration penetration testing pentest progress remediation reporting security start testing the age things