Building on that, I’ve worked alongside both QA and security teams, and I’d say what is penetration testing in software testing is somewhat of a hybrid. It’s definitely connected to software quality because security is part of overall quality, but pen testing tends to be a specialized discipline.
QA traditionally focuses more on functionality, performance, and usability, while penetration testing zeroes in on digging deep into security defenses. So, it’s usually handled by security experts, but it complements QA efforts by addressing those critical security risks.