Re: ProtoVer vs Lotus Domino Server 7.0

[Matt Hargett <matt () use net>]

Daryl Tester wrote:
> Dave Aitel wrote:
>
> > Surely if you're implementing a complex protocol of some sort and you
> > follow this new fangled "test driven development" fad, then clearly 
> > you've
> > written a few fuzzers in your time.
>
> Except TDD isn't about writing fuzzers, it's about writing successful
> unit tests (or their equivalent), not broken ones.  I'm not sure how
> often fuzzers are used at a "software API" level (instead of protocol);
> does anyone have any stats?

And TDD isn't new -- go read the Mythical Man Month ;>

I usually start out with the negative test cases when I'm doing TDD -- 
my mind just seems to like to deal with getting the error handling right 
up front. I fucking love mocks (dynamic and static) for this reason -- 
making pretty much object throw an exception at any point in the system 
and verifying the interaction was a major step forward for me.

If I'm writing tests for code that's already been written, I just think 
"how would I attack this function?".

I notice there are "uninitialized memory" attacks now getting popular. A 
few years ago I couldn't believe that security people gave a shit about 
double frees, the bane of my QA existence 9 years ago. Now I am equally 
incredulous about uninitialized memory attacks. I suppose I'll be amazed 
yet again when security people have to eat their words about TDD and 
other agile practices ;>

--
tangled strands of DNA explain the way that I behave.