“The basic premise of penetration testing is that you’ve got something that you don’t understand and you’re trying to achieve an understanding of it by having some outsider — who also doesn’t understand it — attack it, simulating someone who doesn’t understand it, trying to figure it out. Now if that’s not the dumbest thing you’ve ever heard of, I don’t know what it is.”

Marcus Ranum