I am in a debate with project managers over the control management and approach to documentation covering Security testing (Pen Testing)
They belive that this should be done by subject matter experts
with no test plan
with no specific detail in the Master Test Plan
With no input from the test manager
I believe it should be in the plans managed by the Test Manager and the test manager calls upon the SME resource to support and provide guidance.
What are the thoughts of the populus?