Firewall Wizards mailing list archives

Re: FWTK and smap/smapd


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 18 Jul 2002 17:35:48 -0400

Adam Shostack wrote:
> But I think that we need actual audits.  I'm starting
> to think that such audits may be a public good, and worth encouraging
> the government to spend money on, because lord knows the private
> sector isn't.  (Or at least, they're not sharing.)

You mean like the code audit NSA had done of the fwtk back in ?? (I think
it was) - Unfortunately I never had the necessary clearances to learn any of
the results. I privately funded an audit by betting Mudge and some of the
l0phters that I'd buy them a pint of Guinness for every bug they found - which
is why there was a small contingent of blind-dead-drunk software engineers
at USENIX in San Antonio a bunch of years later...

I don't think audit works: there are more bad programmers than good programmers.
So to audit all the code we'd have to stand down all the good programmers - who
are the guys who get all the useful coding done anyhow. The entire software
industry would collapse. Legend is this may already have happened.

mjr.
---
Marcus J. Ranum - Computer and communications Security Expertise
mjr () ranum com  (http://www.ranum.com)
