Firewall Wizards mailing list archives
Re: Re[2]: Penetration testing via shrinkware
From: "Perry E. Metzger" <perry () piermont com>
Date: Wed, 23 Sep 1998 13:19:33 -0400
"Marcus J. Ranum" writes:
Richard Christie wrote:
What you're really driving at Marcus is developing software in a trusted manner.
Companies developing Firewall software should be evaluated by SEI for a Capability Maturity Model (CMM) rating.

ARrrggghhHH!!!! More formalistic nonsense scams! Does someone's ability to predictably generate documentation really correlate to their ability to produce a good product that works?? The SEI evaluation may have some validity, but it strikes me more like an attempt to do one of those ISO9000-oid certification scams.

I really very strongly agree.
From what I can tell, no giant formalism substitutes for having people
who know what they are doing looking over your design.
It's important that people developing security products know what they're doing,
BING BING BING BING BING
and know how to write security critical code -- but I can't think of a practical way to legislate it.
You can't.

Perry