Firewall Wizards mailing list archives

Re: Re[2]: Penetration testing via shrinkware


From: Matthew_S_Cramer () armstrong com
Date: Wed, 23 Sep 1998 14:12:16 -0400




mjr () nfr net wrote:


It's important that people developing security products know
what they're doing, and know how to write security critical
code -- but I can't think of a practical way to legislate it.


I don't see anything ever being more practical than open source and peer review.
There is nothing else that comes close in terms of efficiency and redundancy.
People may *try* to legislate security, but that just offers vaporware penalties
and benefits ("I'm scam-org certified, and he's not!") which still require some
other way of proving or disproving whether or not the certification is valid.

Certain types of review could be automated with software (say, checking for
certain types of buffer overflows in C code), but then *that* piece of software
would have to be trusted.  It is a catch-22.



Matt