Re: Re[2]: Penetration testing via shrinkware
Matthew_S_Cramer
armstrong.com
Wed, 23 Sep 1998 14:12:16 -0400
- Next message: Doug Hughes: "Re: SUN RPC portmapper"
- Previous message: Bárány Sándor: "why isn't there a newer linux fw-howto"
- In reply to: Ryan Russell: "Transparent vs. Non-transparent AGs/SPFs/whatever"
- Next in thread: Perry E. Metzger: "Re: Re[2]: Penetration testing via shrinkware"
mjr
nfr.net wrote:
>It's important that people developing security products know
>what they're doing, and know how to write security critical
>code -- but I can't think of a practical way to legislate it.
I don't see anything ever being more practical than open source and peer review.
There is nothing else that comes close in terms of efficiency and redundancy.
People may *try* to legislate security, but that just offers vaporware penalties
and benefits ("I'm scam-org certified, and he's not!") which still require some
other way of proving or disproving whether or not the certification is valid.
Certain types of review could be automated with software (say, checking for
certain types of buffer overflows in C code), but then *that* piece of software
would have to be trusted. It is a catch-22.
Matt
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT