The best way for IT administrators to test their systems is by using hacking tools against them, according to a leading security specialist.
The plethora of exploit code available on the web to attack corporate servers should be used as a resource to test computer security. By running such code administrators can judge the efficacy of their defences and make appropriate adjustments.
"There are several legitimate uses for exploit code," explained Ivan Arce, chief technology officer at Core Security Technologies.
"We need to understand the strengths and limitations of our tools. It helps to deploy timely and cost-effective mitigation measures."
Arce pointed out that code designed to exploit flaws in software programs is a valuable resource and should be used as such. Both legitimate and illegal organisations are now selling such code for use in testing.
This new value on exploit code is such that new vulnerabilities are being traded on the open market. Spammers and malware writers are buying it to further their ends, but legitimate security companies are also buying the information.
"There is an increasing perception of value for vulnerability code," said Arce. "The good guys value it and are not giving it up for free. The bad guys want it so they can carry on their attacks."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago