Full Disclosure mailing list archives
Re: How secure is software X?
From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 11 May 2006 20:20:30 -0700
So pin it down a bit more for me. Do you want just public results of standardized blackbox testing? Something similar to the ICSA firewall certification? (Though, I assume you want actual public results.)
Would you include source review? The Sardonix project tried to do that. Who does the testing, and who pays for the time and equipment to do that? Do all products get re-tested every time a new version of the product suite is released? Do the test suites have to be free? Do they re-test for every release of the victim software?
Don't people like yourself derive some benefit from having some portion of your assessment work stay proprietary? If I'm trying to enhance the test suite with some new fuzzing, and I find a sexy bug, don't the incentives tend to lean towards me selling the bug to iDefense and hiding my fuzzer in the meantime?
Don't we fairly quickly arrive at all products passing all the standard tests, and "passing" no longer means anything?
I like the idea, but I'm wondering why people would contribute. I'm also wondering how it can stay consumer-beneficial, and not end up being driven by product vendors.
BB