Full Disclosure mailing list archives
Re: Penetration testing will be dead by 2009 - Mr. Chess
From: Jared DeMott <jdemott () crucialsecurity com>
Date: Wed, 31 Dec 2008 13:53:23 -0500
James Matthews wrote:
I wish! Fortify software has been tested against many open source projects and reported a bunch of false positives. Yes, I know they are working to improve the software.... However, I still hold that fuzzing will show you some issues that this software cannot.
James
And if you're unsure if that's true ... just look to the Iron Chef fuzzing preso from this year's Black Hat ... fuzzing managed to find a "better" bug, though both approaches (static and dynamic) found a decent bug in the software under test.
Happy New Year!
Jared