Re: Re[2]: Penetration testing via shrinkware

Marcus J. Ranum (mjrnfr.net)
Tue, 22 Sep 1998 17:40:53 -0400

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: arkeltex.ru: "Re: FW-1: Questions about DHCP and IPX"
• Previous message: Ryan Russell: "Transparent vs. Non-transparent AGs/SPFs/whatever"
• Next in thread: Perry E. Metzger: "Re: Re[2]: Penetration testing via shrinkware"
• Reply: Perry E. Metzger: "Re: Re[2]: Penetration testing via shrinkware"
• Reply: Joseph S. D. Yao: "Re: Re[2]: Penetration testing via shrinkware"
• Reply: David Collier-Brown: "Re: Penetration testing via shrinkware"

Richard Christie wrote:
>What your really driving at Marcus is developing software in a trusted manner.
>Companies developing Firewall software should be evaluated by SEI for a
>Capability Maturity Model (CMM) rating.

ARrrggghhHH!!!!

More formalistic nonsense scams! Does someone's ability to
predictably generate documentation really correlate to their
ability to produce a good product that works?? The SEI evaluation
may have some validity, but it strikes me more like an attempt
to do one of those ISO9000-oid certification scams.

It's important that people developing security products know
what they're doing, and know how to write security critical
code -- but I can't think of a practical way to legislate it.

mjr.

--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr

• Next message: arkeltex.ru: "Re: FW-1: Questions about DHCP and IPX"
• Previous message: Ryan Russell: "Transparent vs. Non-transparent AGs/SPFs/whatever"
• Next in thread: Perry E. Metzger: "Re: Re[2]: Penetration testing via shrinkware"
• Reply: Perry E. Metzger: "Re: Re[2]: Penetration testing via shrinkware"
• Reply: Joseph S. D. Yao: "Re: Re[2]: Penetration testing via shrinkware"
• Reply: David Collier-Brown: "Re: Penetration testing via shrinkware"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT