lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: fulldisc at ultratux.org (Maarten)
Subject: Web sites compromised by IIS attack

On Thursday 01 July 2004 12:09, Valdis.Kletnieks@...edu wrote:
> On Wed, 30 Jun 2004 21:08:27 CDT, Paul Schmehl <pauls@...allas.edu>  said:
> > I attended a presentation yesterday for a security product in the
> > application firewall field.  During the presentation, the CISSP stated
> > that "in every 1000 lines of code there will be 15 errors".  I don't know
> > if I'd agree with that - I suspect most coders are a bit better than that
> > - but I had to chuckle, because, of course, I immediately thought, "So
> > you admit that your code is riddled with holes!"
>
> Actually, I suspect most coders are *worse* than that.
>
> Sendmail 8.13.0 weighs in at just about 90K lines of C code for
> the main program.  By that metric, there should only have been 135
> bugs in it. In fact, there are 441 occurrences of 'Problem noted by'
> in the release notes.

Except for the fact that your math is off; 15 times 90 equals 1350, not 135.
By that number, we'd have to assume that not even half of sendmails' bug are 
found as of yet, which imho is a little hard to believe.

just nitpicking, but...

Greetings,
Maarten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ