
Re: [Full-disclosure] How secure is software X?



On 5/12/06, Blue Boar <BlueBoar@xxxxxxxxxxx> wrote:
> Brian Eaton wrote:
> > On 5/11/06, Blue Boar <BlueBoar@xxxxxxxxxxx> wrote:
> >> Don't we fairly quickly arrive at all products passing all the standard
> >> tests, and "passing" no longer means anything?
> >
> > I believe that point is called "success."
>
> I was thinking more like all their "security" efforts only went to
> making sure the test reports clean, and they get declared "secure".  Now
> you have two products that pass the tests regardless of relative
> security, or whether one of them was carefully developed with security
> in mind.  Not my definition of success.

Rather than being declared "secure", they should probably be declared
"not trivially broken with any of the standard tools."  Having "not
trivially broken" as a barrier to entry for software would be a major
improvement.

- Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/