The fly in this ointment is that the testers (of whatever stripe)
are being trusted to reveal all the flaws that they find.  One way
of assuring that is flaw injection, but it's imperfect, because
you can never prove that failure to find the flaw was deliberate.

The same problem applies to penetration tests, which is why hiring
former felons to do it is not risk-free.

Barney Wolff
I'm available by contract or FT, in the NYC metro area or via the 'Net.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to