Full Disclosure mailing list archives

Re: How secure is software X?


From: "Brian Eaton" <eaton.lists () gmail com>
Date: Fri, 12 May 2006 13:21:47 -0400

On 5/12/06, Blue Boar <BlueBoar () thievco com> wrote:
> Brian Eaton wrote:
> > On 5/11/06, Blue Boar <BlueBoar () thievco com> wrote:
> >> Don't we fairly quickly arrive at all products passing all the standard
> >> tests, and "passing" no longer means anything?
> >
> > I believe that point is called "success."
>
> I was thinking more like all their "security" efforts only went to
> making sure the test reports clean, and they get declared "secure".  Now
> you have two products that pass the tests regardless of relative
> security, or whether one of them was carefully developed with security
> in mind.  Not my definition of success.

Rather than being declared "secure", they should probably be declared
"not trivially broken with any of the standard tools."  Having "not
trivially broken" as a barrier to entry for software would be a major
improvement.

- Brian
