Dailydave mailing list archives
Re: @stake SafeApps
From: "Matt Hargett" <matt () use net>
Date: Mon, 24 Nov 2003 16:31:45 -0800
On Tue, Nov 25, 2003 at 12:45:40AM +0100, Halvar Flake wrote:

I think this is cool, though. More competition in this space will mean that the tools will just get better faster and in turn software will be made more secure faster. (I am such a QA nerd.)

And boy, they do need to get better fast :-P

I thought you would be opposed, I mean when they get good won't they put you out of work?

Halvar and I have already had this conversation, but for the benefit of the others on this list to flame me, here is my take resummarized :)

I don't think it puts anyone out of work. It's like saying scanners replace pen-testers. They generally only replace the really shitty ones who were scammers in the first place, trying to get by on name or reputation alone. We tell our customers that these tools are by no means a replacement for manual reviews or runtime fault injection/fuzzing/whatever the fuq it's called this week.

I never use just one tool of any kind, because in my experience, you will miss things. Even multiple tools with the same approach is something I would recommend. For example, I used Purify exclusively for years. Then I tried Insure++ on some Purify-clean code and found some heinous bugs that had been lurking. Same thing with PC-Lint and Prefix/Prefast. (So far valgrind hasn't found anything insure++ didn't, but valgrind is free.)

I do honestly think these tools individually raise the bar, but real progress can only be made by using them all together (I'm avoiding the word synergy here.). If I didn't think it helped, I wouldn't be spending my time working in this space

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave