Companies must communicate clear expectations when contracting with pentesters, red teams and vulnerability hunters in order to set key ground rules for what data and systems can be accessed, what’s off limits and who is responsible if something breaks. Of course, if you set too many restrictions and parameters, then how do you really know if you’r...