A set of persons or organizations that conduct software penetration tests to assess the security of computer “subjects” they have been hired to test. The penetration test may be carried out by monitoring during normal operations, by casual inspection, through formal evaluation, or by systematic testing.
The life cycle of a “vulnerability case” starts with the discovery of a defect and ends after the problem has been resolved, usually by a team of experienced security professionals called a “tiger team.” In recent years, varying points of view regarding the “vulnerability process” have been presented by security experts in professional papers and at professional conferences. The Black Hat gathering of security professionals, organized by Jeff Moss in Las Vegas in July of every year, serves as one vehicle for communicating about the vulnerability process.
See Also: Vulnerabilities of Computers.
Laakso, M., Takanen, A. and Roning, J. The Vulnerability Process: A Tiger Team Approach to Resolving Vulnerability Cases. [Online, 2004.] University of Oulu Website. http://www.ee.oulu.fi/research/ouspg/protos/sota/FIRST1999-process/paper.pdf.