Firewall Wizards mailing list archives
Re: How automate firewall tests
From: Jean-Denis Gorin <jdgorin () computer org>
Date: Tue, 22 Aug 2006 10:15:13 +0200
On Tues, 22 Aug 2006 00:51 Bill Royds wrote:
ASN.1 is a formal language to describe data structures for use of a number of protocols. One would expect that protocols that use ASN.1 as their structure grammar should be quite secure. But there have probably been more vulnerabilities in ASN.1 based protocols than any other. SO even a formal grammar is probably not good enough to define "correct" input.
Using formal specification does not imply correct implementation... Following is a nice paper about a british software company using formal method all the way from specification to implementation: http://www.spectrum.ieee.org/sep05/1454 Just two excerpts: "average of less than one error in every 10 000 lines of delivered code" "[this company] fix for free any problem that came up in the first year of operation" JDG _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: How automate firewall tests, (continued)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 18)
- Re: How automate firewall tests Shahin Ansari (Aug 20)
- Re: How automate firewall tests Avishai Wool (Aug 22)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 21)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 21)
- Re: How automate firewall tests Bill Royds (Aug 21)
- Re: How automate firewall tests Chuck Swiger (Aug 21)
- Re: How automate firewall tests Bill Royds (Aug 22)
- Re: How automate firewall tests Bill Royds (Aug 21)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 18)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 21)
- Re: How automate firewall tests ArkanoiD (Aug 22)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 22)
- Re: How automate firewall tests Jean-Denis Gorin (Aug 22)