Re: Twitter: (verb) to fail under exponential growth

[Adrien Krunch Kunysz <adrien () kunysz be>]

On Sun, Jun 29, 2008 at 12:49:34PM -0400, Dave Aitel wrote:
> I don't know if that's ever going to happen, but it's clear that what we 
> have now is not even close to sustainable. It's a model that fails under 
> exponential growth, like Twitter or anti-virus signatures.
>
> I've always wondered about the rest of our technology that fails in a 
> similar way. Why do our application assessment tools not also fix the 
> bugs they find?

Because they also find false positive?

> If you're trying to buy web application scanning, then 
> your scanner should also be updating the application to fix those pesky 
> SQL Injection bugs. Your binary/source analysis tool should be svn 
> commiting patches to fix your overflows. If you have to rely on a 
> developer to understand the bugs themselves, it doesn't scale. Your 
> network attack tool should upload and run the right patch 
> automatically.[1] Does the modern generation of scanners do this?

You proposition seems to fall between the "Automatic programming" and
"Program verification" paragraphs of the 1986 No Silver Bullet paper. I
suggest you reread it.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave