Out of scope vulnerabilities
'The stats look at vulnerabilities on systems "out of scope" for pen-testers but not hackers'
I'm not familiar with the concept, would anyone care to enlighten me?
"David Morgan, executive principal at NCC Group, said:"
What exactly is an 'executive principal', does s/he maintain systems, write code or test for security vulnerabilities?
"Since they are a frequent target for cybercriminals, financial services companies should be continuously monitoring for vulnerabilities and regularly updating their software, particularly when these tools form the building blocks of what are often business-critical web applications."
If you work in information technology and this is news to you then maybe you should find another career. And if your IT people aren't already doing the above then maybe you should get rid of them and hire on some competent people.