> But if your neighbour lied and falsified documents to the point reasonable due diligence would have been fooled, perhaps the pentesters can be considered not at fault?
And here we end up back with irjustin's proposal that if pentesters are doing things that would be illegal without proper permission, they need to be prepared to spend some time in jail. Their risks there for which they need to be compensated include their own organisation failing in their due diligence and sending them into a test for which they're genuinely not legally authorised.
>And here we end up back with irjustin's proposal that if pentesters are doing things that would be illegal without proper permission, they need to be prepared to spend some time in jail.
This sounds very unreasonable once you start applying it to other actions in life. For example, picking up someone's kids so they can go on a play date with your own kids. That's kidnapping without permission. Should everyone who picks up another person's kids need to be prepared to spend time in jail for kidnapping?
This is an issue in schools today regarding after-school care and custody handoffs, with the liberty/efficiency-oriented people battling the law&
order/safety/think-of-the-children people. They both have valid perspectives, as is usually case in matters of statistically danger.
And here we end up back with irjustin's proposal that if pentesters are doing things that would be illegal without proper permission, they need to be prepared to spend some time in jail. Their risks there for which they need to be compensated include their own organisation failing in their due diligence and sending them into a test for which they're genuinely not legally authorised.