Secure Coding mailing list archives
Re: Security Test Cases for Testing
From: Gene Spafford <spaf () cerias purdue edu>
Date: Fri, 19 Dec 2003 22:02:23 +0000
At 7:40 AM -0400 12/18/03, ljknews wrote:
> At 8:12 PM -0500 12/17/03, Gene Spafford wrote:
>> (Aside: for those people who claim open source is more "secure" -- where are the open source requirements capture tools, specification languages and provers, D-U/mutation testing tools, and regression tool suites?)
>
> Although I am not a big open source fan, certainly it is the case that with open source you _know_ all those things are missing and have not been used, whereas with closed source you can only guess that is the situation :-)

I see. If I ride in the Linux car, I know there are no seatbelts, no brakes, and no crash-resistant gas tank. In the Microsoft car, there might be brakes, there is sort of a seatbelt, and they are investing tens of millions of dollars to improve the impact resistance of the gas tank.

The designers of the Linux car are devoting time to adding tail fins, a horn that plays the theme to Star Trek, and making the engine run on left-over french-fry oil. The MS car designers include a team of crack engineers devoted to making the car more secure.

Neither car is currently safe, but in the longer term under these conditions, which one do you think will be safer in 5 years? Which car should I choose to buy now if I need to buy a car? (and don't have the time or training to be a mechanic, btw)

--spaf

[Ed. I'm not so convinced that I want a team of "crack engineers" designing my car, although sometimes there are indications... ;-) Either way, though, let's keep this discussion focused on secure software development methodologies, please. Follow-ups regarding "my OS vs. your OS" or crack engineering will be /dev/nulled. KRvW]