Re: [fw-wiz] How automate firewall tests
- From: Jean-Denis Gorin <jdgorin@xxxxxxxxxxxx>
- Date: Tue, 22 Aug 2006 10:15:13 +0200
On Tues, 22 Aug 2006 00:51
Bill Royds wrote:
ASN.1 is a formal language to describe data structures for
use of a number of protocols. One would expect that
protocols that use ASN.1 as their structure grammar should be
quite secure.
But there have probably been more vulnerabilities in ASN.1
based protocols than any other. SO even a formal grammar is
probably not good enough to define "correct" input.
Using formal specification does not imply correct implementation...
Following is a nice paper about a british software company using formal method
all the way from specification to implementation:
http://www.spectrum.ieee.org/sep05/1454
Just two excerpts:
"average of less than one error in every 10 000 lines of delivered code"
"[this company] fix for free any problem that came up in the first year of
operation"
JDG
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Prev by Date: Re: [fw-wiz] How automate firewall tests
- Next by Date: Re: [fw-wiz] How automate firewall tests
- Previous by thread: Re: [fw-wiz] How automate firewall tests
- Next by thread: Re: [fw-wiz] How automate firewall tests
- Index(es):
