On Tue, 2004-09-21 at 10:36, O Plameras wrote: > It must be noted that manual inspection and analysis is only one process. > The auditors have automated tools that they use to audit in addition to > queries and answers as well as other tools like field testing, etc.
Automated checking is NOT the answer to security... Most problems that can be harvested simply with tools can and should be done quickly. True security comes from basic design, reducing permissions to a minimum and other techniques. When it comes to a code audit you must have a developer with enough time and the right attitude. That may not be ability here, just a different way of thinking that most developers do not need to worry about. -- Thanks KenF OpenOffice.org developer -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
