Full Disclosure
mailing list archives
Re: Penetration testing will be dead by 2009 - Mr. Chess
From: Jared DeMott <jdemott () crucialsecurity com>
Date: Wed, 31 Dec 2008 13:53:23 -0500
James Matthews wrote:
I wish! Fortify software has been tested against many open source
projects and reported a bunch of false positives. Yes I know they are
working to improve the software.... However I still hold that fuzzing
will show you some issues that this software cannot.
James
And if you're unsure if that's true ... just look to the iron chef
fuzzing preso from this year's Black Hat ... fuzzing managed to find a
"better" bug, though both approaches (static and dynamic) found a decent
bug in the software under test.
Happy New Year!
Jared