Dailydave
mailing list archives
Re: Twitter: (verb) to fail under exponential growth
From: Adrien Krunch Kunysz <adrien () kunysz be>
Date: Sun, 29 Jun 2008 20:13:08 +0100
On Sun, Jun 29, 2008 at 12:49:34PM -0400, Dave Aitel wrote:
> I don't know if that's ever going to happen, but it's clear that what we
> have now is not even close to sustainable. It's a model that fails under
> exponential growth, like Twitter or anti-virus signatures.
> I've always wondered about the rest of our technology that fails in a
> similar way. Why do our application assessment tools not also fix the
> bugs they find?

Because they also find false positives?

> If you're trying to buy web application scanning, then
> your scanner should also be updating the application to fix those pesky
> SQL Injection bugs. Your binary/source analysis tool should be svn
> committing patches to fix your overflows. If you have to rely on a
> developer to understand the bugs themselves, it doesn't scale. Your
> network attack tool should upload and run the right patch
> automatically.[1] Does the modern generation of scanners do this?

Your proposition seems to fall between the "Automatic programming" and
"Program verification" paragraphs of the 1986 No Silver Bullet paper. I
suggest you reread it.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
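The exchange above, as an added example that is not part of the thread and not code from any scanner vendor: a toy "auto-fixer" of the kind Dave asks for, which rewrites DB-API `execute()` calls whose only argument is a string built with `%` or `+` into a parameterised `execute(sql, params)` call, plus a constructed input on which the automatic fix is exactly the false positive Adrien points at. The sample sources, the `cur.execute` naming and the assumption of a `format` paramstyle driver (`%s` placeholders, as in psycopg2 or MySQLdb) are assumptions of the example; it needs Python 3.9+ for `ast.unparse`.

```python
# Added example (not from the Dailydave thread). A toy auto-fixer for
# string-built SQL in Python DB-API code, and an input it gets wrong.
# Assumes a driver with the "format" paramstyle (%s); Python 3.9+.
import ast


def _flatten_concat(node):
    """Flatten a left-nested chain of `a + b + c` into [a, b, c]."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _flatten_concat(node.left) + _flatten_concat(node.right)
    return [node]


def _is_str(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def parameterise(expr):
    """Turn a string-building expression into (template, [param nodes]).

    Recognised shapes: "... %s ..." % x, "... %s ..." % (x, y), and
    "..." + x + "...". Returns None for anything else (f-strings included;
    a real tool would have to handle those too).
    """
    if isinstance(expr, ast.BinOp) and isinstance(expr.op, ast.Mod) and _is_str(expr.left):
        right = expr.right
        params = list(right.elts) if isinstance(right, ast.Tuple) else [right]
        return expr.left.value, params      # the %s placeholders are already there
    if isinstance(expr, ast.BinOp) and isinstance(expr.op, ast.Add):
        template, params = [], []
        for part in _flatten_concat(expr):
            if _is_str(part):
                template.append(part.value)
            else:
                template.append("%s")       # every non-literal piece becomes a parameter
                params.append(part)
        if params:
            return "".join(template), params
    return None


class ExecuteRewriter(ast.NodeTransformer):
    """Rewrite `x.execute(<built string>)` into `x.execute(template, (params,))`."""

    def __init__(self):
        self.rewritten = []                 # (line number, new template) for the report

    def visit_Call(self, node):
        self.generic_visit(node)
        if (isinstance(node.func, ast.Attribute) and node.func.attr == "execute"
                and len(node.args) == 1 and not node.keywords):
            fixed = parameterise(node.args[0])
            if fixed is not None:
                template, params = fixed
                node.args = [ast.Constant(value=template),
                             ast.Tuple(elts=params, ctx=ast.Load())]
                ast.fix_missing_locations(node)
                self.rewritten.append((node.lineno, template))
        return node


def autofix(source):
    """Return (patched source, list of rewrites) for one Python module."""
    tree = ast.parse(source)
    rewriter = ExecuteRewriter()
    tree = rewriter.visit(tree)
    return ast.unparse(tree), rewriter.rewritten


def render_like_driver(template, values):
    """Mimic what a format-paramstyle driver sends: each parameter is quoted
    as a string literal, so it can never become SQL syntax."""
    quoted = tuple("'" + str(v).replace("'", "''") + "'" for v in values)
    return template % quoted


# Constructed sample 1: a real injection, which the rewrite fixes correctly.
VULNERABLE = '''
def get_user(cur, user_id):
    cur.execute("SELECT * FROM users WHERE id = %s" % user_id)
'''

# Constructed sample 2: the concatenated value is a whitelisted table name,
# not user data. The scanner flags it anyway, and the automatic "fix" turns a
# working query into `FROM 'users'`: a string literal where an identifier
# belongs, which standard SQL rejects. Only a developer who understands the
# code knows that this one must stay as it is.
FALSE_POSITIVE = '''
TABLES = {"users", "orders"}

def count_rows(cur, table):
    assert table in TABLES
    cur.execute("SELECT COUNT(*) FROM " + table)
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("false positive", FALSE_POSITIVE)):
        patched, report = autofix(src)
        print(f"--- {label}: {len(report)} rewrite(s)")
        print(patched)
        for _, template in report:
            sample = "1 OR 1=1" if label == "vulnerable" else "users"
            print("driver would send:", render_like_driver(template, [sample]))
```

The first sample comes out as `cur.execute('SELECT * FROM users WHERE id = %s', (user_id,))`, and the driver sends `WHERE id = '1 OR 1=1'`, so the injection is gone. The second comes out syntactically valid Python that produces invalid SQL at runtime, which is the failure mode of committing fixes nobody read: the patch is only as good as the scanner's verdict, and the scanner cannot tell an identifier from a value.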