On 5/12/06, Blue Boar <[EMAIL PROTECTED]> wrote:
Brian Eaton wrote:
> On 5/11/06, Blue Boar <[EMAIL PROTECTED]> wrote:
>> Don't we fairly quickly arrive at all products passing all the standard
>> tests, and "passing" no longer means anything?
>
> I believe that point is called "success."
I was thinking more like all their "security" efforts only went to
making sure the test reports clean, and they get declared "secure". Now
you have two products that pass the tests regardless of relative
security, or whether one of them was carefully developed with security
in mind. Not my definition of success.
Rather than being declared "secure", they should probably be declared
"not trivially broken with any of the standard tools." Having "not
trivially broken" as a barrier to entry for software would be a major
improvement.
- Brian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
