Vulnerability Disclosure Technics

["Mr. John" <johnspood () yahoo com>]

Hi
A question is in my mind everywhen I see a
vulnerability disclosure. I want to know how a person
finds a security vulnerability in a software. Is there
a regular way?
Suppose that I am technical chair of a software group
and   we have a software that security consideration
is important for us. How can I test our software to
ensure that no security vulnerabilities (like buffer
overflow vuln) exists in our software product. Or it
is question for me how for example eEye find many
vulnerabilities in software products. Is there a
regular and formal way? Is there some tools, technics,
method, ... for this purpose, for finding a
vulnerability in a software?

Thanks
John



                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html