On Wed, Nov 15, 2000 at 01:21:40PM -0500, Dave Sill wrote:
> Adam McKenna <[EMAIL PROTECTED]> wrote:
> 
> >I think "select few" as you have used it needs clarification -- even if only
> >one half of one percent of all advanced C programmers are part of the "select
> >few", that's still hundreds or thousands of people, and many of those people 
> >are part of the open source community.
> 
> That estimate may well be high. I've never seen books or training
> covering the topic of security auditing C code. Where'd you get that
> 0.5%?

I pulled it out of somewhere.

> >A hell of a lot more, anyway, than 
> >are working at so-called "security firms", ready to stamp their approval on 
> >any product they get six or seven digit payments to "certify".
> 
> ``So-called "security firms"'' that don't know what they're doing will 
> eventually be discovered for the frauds that they are. In the security 
> business, reputation is everything. An audit by some random "security
> firm" might not mean anything, but an audit by a recognized authority
> would.

It might.  It also might not, because even the best auditors could miss
something.

--Adam

-- 
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes, 
http://flounder.net/publickey.html   |  technology's just a bunch of wires 
GPG: 17A4 11F7 5E7E C2E7 08AA        |  connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A        |  Joe Rogan, _NewsRadio_
  2:18pm  up 158 days, 12:35, 10 users,  load average: 0.00, 0.00, 0.00
