Firewall Wizards mailing list archives

Re: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe)


From: daw () mozart cs berkeley edu (David Wagner)
Date: 8 Aug 2001 07:29:14 GMT

Darren Reed wrote:
> All they can do is find already known problems.

Think of it like type checking.  Type checkers only prevent known
problems (namely, runtime type errors).  Type checkers are not a
silver bullet: they only prevent a certain class of errors.  Nonetheless,
they're pretty darn useful, aren't they?  They assist the programmer
with some of the tedious bookkeeping of programming, and leave the
programmer free to concentrate on the truly hard aspects of writing
code (such as getting the design right in the first place).  This
seems like an advance.  We should embrace analogous advances in
software security, not resist them.

P.S. Sure, testing sounds like a great idea, too.  They're complementary:
you should be using both.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

