Re: [fw-wiz] concerning ~el8 / project mayhem
From: Barney Wolff (barney@tp.databus.com)
Date: 08/21/02
- Next message: jankowsr@mskcc.org: "RE: [fw-wiz] concerning ~el8 / project mayhem"
- Previous message: Paul Robertson: "Re: [fw-wiz] concerning ~el8 / project mayhem"
- In reply to: Paul Robertson: "Re: [fw-wiz] concerning ~el8 / project mayhem"
- Next in thread: Anton J Aylward, CISSP: "Re: [fw-wiz] concerning ~el8 / project mayhem"
- Reply: Anton J Aylward, CISSP: "Re: [fw-wiz] concerning ~el8 / project mayhem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Barney Wolff <barney@tp.databus.com> To: firewall-wizards@honor.icsalabs.com Date: Wed Aug 21 11:49:01 2002
Why on earth even spend time debating whether config reviews or scans
are better? It's equivalent to debating whether structured walkthroughs
or testing work better to find software flaws. Which is more important,
your left leg or your right?
On Wed, Aug 21, 2002 at 11:04:55AM -0400, Paul Robertson wrote:
>
> While I am indeed advocating good design, I'm not against validation, I'm
> against vulnerability scanning- that, I think is our point of difference
> (or maybe I just didn't articulate it well.) In other words, I'm saying
> that configuration validation is better than vulnerability testing for
> almost all classes of electronic attack.
-- Barney Wolff I'm available by contract or FT: http://www.databus.com/bwresume.pdf
- Next message: jankowsr@mskcc.org: "RE: [fw-wiz] concerning ~el8 / project mayhem"
- Previous message: Paul Robertson: "Re: [fw-wiz] concerning ~el8 / project mayhem"
- In reply to: Paul Robertson: "Re: [fw-wiz] concerning ~el8 / project mayhem"
- Next in thread: Anton J Aylward, CISSP: "Re: [fw-wiz] concerning ~el8 / project mayhem"
- Reply: Anton J Aylward, CISSP: "Re: [fw-wiz] concerning ~el8 / project mayhem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
