Prosecutors have dropped criminal charges against two security professionals who were arrested and jailed last September for breaking into an Iowa courthouse as part of a contract with Iowa’s judicial arm. From a report: The dismissal, which was announced on Thursday, is a victory not only for Coalfire Labs, the security firm that employed the two penetration testers, but the security industry as a whole and the countless organizations that rely on it. Although employees Gary DeMercurio and Justin Wynn had written authorization to test the physical security of the Dallas County Courthouse in Iowa, the men spent more than 12 hours in jail on felony third-degree burglary charges. The charges were later lowered to misdemeanor trespass. The case cast a menacing cloud over an age-old practice that’s crucial to securing buildings and the computers and networks inside of them. Penetration testers are hired to hack or break into sensitive systems or premises and then disclose the vulnerabilities and techniques that made the breaches possible. Owners and operators then use the information to improve security. “I’m very glad to hear this,” said a professional pentester when I told him the charges were dropped (he prefers to use only his handle: Tink). “Clients and security firms have an obligation to protect their pentesters and consultants. Pentesters are not criminals. Pentesters help organizations protect against criminals.”

Tags: