mailing list archives
Re: How T-Mobil's network was compromised
From: Willem Koenings <infsec () gmail com>
Date: Sun, 20 Feb 2005 21:26:57 +0200
On Sun, 20 Feb 2005 10:50:47 -0600, Frank Knobbe <frank () knobbe us> wrote:
The point is that often code works correctly, stable and secure, and
does what the programmer intended to do. However, sometimes the
programmer overlooked a condition to check for. The lack of that check
is not a flaw in the code. A reviewer may not find it because he may not
conceive a requirement for such a check either. So the code is correct,
no flaws in it. Yet it will fail under certain conditions.
We can only check for the existence of those flaws that we are aware of.
We can not say that tested code does not have flaws that we didn't
Yes, and thats why i said, that original quote is not always true
because it is differently understandable. If i know one specific flaw
or vulnerability, then i specifically can test against presence or
absence of that specific flaw or vulnerability.
all the best,
Full-Disclosure - We believe in it.
- Re: How T-Mobil's network was compromised, (continued)