Security providers around the world have been trying for years to engineer an effective means for conducting technical evaluations that is meaningful to the customer. For too long, we’ve seen fly-by-night consulting companies walk into a customer organization, run a security vulnerability scanner, print out the default application report (after replacing the logo), and present that to the customer as the final deliverable. Although the initial paper factor of this type of work might be ...