- 90 days of free retesting is pretty standard
- Some offer 60 days, some don’t offer it at all, and some offer it for an upcharge
- Limited to what we found for the client
- We test the stuff we found and tell them if they patched the findings
- We update the report accordingly
- “X was found and was remediated”
- DO NOT remove vulnerability findings, just note it was fixed
- Also, the executive summary should reflect remediation (Attestation Letters)
- For project management, a client’s work is not considered “closed” until the retesting period is over.