Dailydave mailing list archives
Re: Twitter: (verb) to fail under exponential growth
From: Adrien Krunch Kunysz <adrien () kunysz be>
Date: Sun, 29 Jun 2008 20:13:08 +0100
On Sun, Jun 29, 2008 at 12:49:34PM -0400, Dave Aitel wrote:
I don't know if that's ever going to happen, but it's clear that what we have now is not even close to sustainable. It's a model that fails under exponential growth, like Twitter or anti-virus signatures. I've always wondered about the rest of our technology that fails in a similar way. Why do our application assessment tools not also fix the bugs they find?
Because they also find false positives?
If you're trying to buy web application scanning, then your scanner should also be updating the application to fix those pesky SQL Injection bugs. Your binary/source analysis tool should be svn committing patches to fix your overflows. If you have to rely on a developer to understand the bugs themselves, it doesn't scale. Your network attack tool should upload and run the right patch automatically.[1] Does the modern generation of scanners do this?
Your proposition seems to fall between the "Automatic programming" and "Program verification" paragraphs of the 1986 No Silver Bullet paper. I suggest you reread it.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave