On 7 Jun 2001, at 20:46, Paul D. Robertson wrote:

> On Thu, 7 Jun 2001 [EMAIL PROTECTED] wrote:
> 
> >  >> Ahem, actually lack of quality assurance testing in software and 
> > hardware is the biggest threat out on the Internet today.  According to 
> > some there hasn't been a new intrusion introduced into the wild except some 
> > type of exploit in code that the original programmers did not catch during 
> > their "extensive" QA process especially those folks located in the Pacific 
> > Northwest.
> 
> How isn't that covered in:
> 
> "making software vendors produce more secure systems?" 
> 
> :-P
> 
> Paul

  I submit that it "isn't covered", in that *QA* is not the place to 
insert security or reliability into the product.  You get much better 
effectiveness if it goes into (a) the design, and (b) the tools used 
to implement -- which are somebody's products in their own right.

  The fact that QA *cannot* find every buffer-overflow in a program 
is no excuse for people to be still writing code with exploitable 
buffer overflows in it in 2001.

David Gillett

