By David Foster
Introduction
Let me begin this paper with a story. When a few colleagues and I began Caveon in 2003, it was the only area of testing where I could safely work. I had just left my job at a company. My employment contract had non-compete clauses that restricted me from competing, and therefore from working in virtually every area of testing. However, there was a single area in the field of testing that wasn’t covered by the non-compete clause; and that area was “test security.” Also fortunately for me, I had friends who seemed to believe that test security was a good bet for their future as well. They joined me in the new venture, Caveon.
The point of this brief story is that we started Caveon knowing a bit about test security, but as a focus, it was very new for us. Our combined hundred-plus years of experience counted for something; that was sure. We had designed, built, administered and analyzed more high-stakes tests than any similar group. Despite our considerable experience, we were not security experts. We had not been trained in security specifically. Instead, our security training came indirectly throughout our varied experiences in the testing industry. (Continue Reading…)