| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: infsec at gmail.com (Willem Koenings) Subject: How T-Mobil's network was compromised On Fri, 18 Feb 2005 16:49:03 -0500, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote: > On Fri, 18 Feb 2005 16:04:52 EST, bkfsec said: > > > Are you aware of any server software that has been so rigorously tested > > that it has no flaws at all? > > > > That would be one hell of a find... > > "Testing can reveal the presence of flaws, but not their absence" -- E. Dijkstra In my belief, this is not completely true. Let's say we are testing web application, as this thread already started from one. Let's say i'm testing application regarding to input sanitizing. Code analysis is one type of testing. When i do code analysis and look, how user input is handled, i have those results: - user input is correctly sanitized and there is no flaw - use input is not correctly sanitized and there is a flaw So above saying is not always completly true. But you can't use testing to find something you don't know at this exact moment - unknown flaws. all the best, W.
Powered by blists - more mailing lists