On Tue, Nov 14, 2000 at 03:35:35PM -0500, Paul Jarc wrote:
> [EMAIL PROTECTED] writes:
> > Whilst an audit is a good idea, I don't see how a competition and
> > time in the field can actually make matters worse.
>
> It can make people think a program is secure when no audit has been
> done, reducing the likelihood that anyone will call for an audit,
> leaving holes undiscovered.

And a formal audit can miss security holes, reducing the likelihood that
anyone will call for further audits, leaving holes undiscovered -- it's a
double-edged sword. Auditing is an ongoing process, not something which takes
place at one point in time and unilaterally declares something "secure".
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
5:21pm up 157 days, 15:37, 10 users, load average: 0.08, 0.02, 0.01