Re: [SC-L] Economics of Software Vulnerabilities

2007-03-13 Thread Gary McGraw
In my opinion, though fuzz testing is certainly a useful technique (we've used it in hardware verification for years), any certification based solely on fuzz testing for security would be ludicrous. Fuzz testing is not a silver bullet. The biggest stumbling block for software certification is

Re: [SC-L] Economics of Software Vulnerabilities

2007-03-13 Thread Gary McGraw
Hi crispy, I'm not sure Vista is bombing because of good quality. That certainly would be ironic. Word on the way down in the guts street is that Vista is too many things cobbled together into one big kinda functioning mess. My bet is that Vista SP2 will be a completely different beast.

Re: [SC-L] Economics of Software Vulnerabilities

2007-03-13 Thread Gadi Evron
On Tue, 13 Mar 2007, Gary McGraw wrote: In my opinion, though fuzz testing is certainly a useful technique (we've used it in hardware verification for years), any certification based solely on fuzz testing for security would be ludicrous. Fuzz testing is not a silver bullet. Fuzzing is

Re: [SC-L] Darkreading: compliance

2007-03-13 Thread Bruce Ediger
On Tue, 13 Mar 2007, somebody wrote (attribution isn't clear to me): no. my feeling is that it focuses management on unimportant things like meeting checkpoints rather than actually doing useful things. I heartily agree. Compliance almost always becomes (in the worst sense of the word) a

Re: [SC-L] Information Protection Policies

2007-03-13 Thread Kenneth Van Wyk
On Mar 9, 2007, at 5:27 PM, McGovern, James F ((HTSC, IT)) wrote: Ken, in terms of a previous response to your posting in terms of getting customers to ask for secure coding practices from vendors, wouldn't it start with figuring out how they could simply cut-and-paste InfoSec policies into

Re: [SC-L] Darkreading: compliance

2007-03-13 Thread Gary McGraw
Once again I'll ask. Which vertical is the kind of company where you're seeing this awful behavior in? BTW, Sammy Migues agrees with you in a thread we're having on the Justice League blog www.cigital.com/justiceleague (look under SOX). gem company www.cigital.com podcast

Re: [SC-L] Information Protection Policies

2007-03-13 Thread Gary McGraw
There is a text box in Software Security about this with some language I copied (with permission) from Jack Danahy of Ounce Labs. www.swsec.com gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com -Original Message-

Re: [SC-L] Darkreading: compliance

2007-03-13 Thread Michael Silk
On 3/14/07, Gary McGraw [EMAIL PROTECTED] wrote: Once again I'll ask. Which vertical is the kind of company where you're seeing this awful behavior in? Well, FWIW, I've noticed it in finance/investment, and the entertainment industries. But I honestly don't think the industry type makes a