I’m working on a project that has been selected for an external security review by a consulting company. They are asking for a lot of information but not really explaining the process to me. I can’t tell what kind of review this is—pen (penetration) test or some other thing. I don’t want to second-guess their work, but it seems to me they’re asking for all the wrong things. Should I point them in the right direction or just keep my head down, grin, and bear it?
展开▼