| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: frank at knobbe.us (Frank Knobbe) Subject: How T-Mobil's network was compromised On Sun, 2005-02-20 at 21:26 +0200, Willem Koenings wrote: > Yes, and thats why i said, that original quote is not always true > because it is differently understandable. If i know one specific flaw > or vulnerability, then i specifically can test against presence or > absence of that specific flaw or vulnerability. hehe... no, no. The quote said "flaws". Not a specific one. Flaws are errors as we know them. You can test for the presence of the ones we know, the specific ones. And you can test for the absence of these specific ones. But you can't test for the absence of any flaw. That would be akin to testing the presence of anti-flaws. What is a non-error? A non-flaw? It's a non-existing flaw, it doesn't exist. If could define and measure that to the extent that you can test for it, then Dijkstra can be proved wrong :) Until then the invert of presence of flaws is absence of flaws. And we can only test for the former. Cheers, Frank -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050220/b2d9fb44/attachment.bin
Powered by blists - more mailing lists