Damien Miller <[EMAIL PROTECTED]> writes:
> Eric Rescorla wrote:
>> I don't think that's clear at all. It could be purely stochastic.
>> I.e. you look at a section of code, you find the bug with some
>> probability. However, there's a lot of code and the auditing
>> coverage isn't very deep so bugs persist for a long time.
>
> I suspect that auditing coverage is usually going to be very similar to
> the search patterns used by blackhats - we are all human and are likely
> to be drawn to similar bugs. Auditing may therefore yield a superlinear
> return on effort. Is that enough to make it a "good idea"?

I agree that this is a possibility. We'd need further research to know
if it's in fact correct.

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
