lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CB1F49F2B508604292985807CF68F5F505953802@CSEXCHANGE.cs.state.ny.us>
From: JMC13 at mail3.cs.state.ny.us (Clairmont, Jan)
Subject: PFW and Program Correctness

Vulnerabilities are impossible to entirely eliminate, just as proving
correctness of an algoritm, Knuth and others, errors exponential increase
as the code increases.  They will never get any code completely bug or
security flaw free.  And the more people use the systems the more things
or problems will come out.   Expecting MS or Linux or Solaris to get it all
out is an insane requirement.  I do expect adequate QA testing, and doing
security pen testing is the minimum, but that won't always cut it, that why
there is customer beta testing.

I suppose working on the internet is like driving on a busy highway,
hopefully
your experienced drivers can avoid the MAC trucks. But some accidents just
become unavoidable and the novice drivers get into the most accidents...
It's 
experience and safe habits, buckle your seat belt baby you're in for a
helluva
ride.

Jan Clairmont
LDAP and Solaris Admin. Consultant


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ