On Thursday 01 July 2004 12:09, [EMAIL PROTECTED] wrote: > On Wed, 30 Jun 2004 21:08:27 CDT, Paul Schmehl <[EMAIL PROTECTED]> said: > > I attended a presentation yesterday for a security product in the > > application firewall field. During the presentation, the CISSP stated > > that "in every 1000 lines of code there will be 15 errors". I don't know > > if I'd agree with that - I suspect most coders are a bit better than that > > - but I had to chuckle, because, of course, I immediately thought, "So > > you admit that your code is riddled with holes!" > > Actually, I suspect most coders are *worse* than that. > > Sendmail 8.13.0 weighs in at just about 90K lines of C code for > the main program. By that metric, there should only have been 135 > bugs in it. In fact, there are 441 occurrences of 'Problem noted by' > in the release notes.
Except for the fact that your math is off; 15 times 90 equals 1350, not 135. By that number, we'd have to assume that not even half of sendmails' bug are found as of yet, which imho is a little hard to believe. just nitpicking, but... Greetings, Maarten _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
