Re: [fw-wiz] How automate firewall tests



On Tues, 22 Aug 2006 00:51
Bill Royds wrote:

ASN.1 is a formal language to describe data structures for
use of a number of protocols. One would expect that
protocols that use ASN.1 as their structure grammar should be
quite secure.
But there have probably been more vulnerabilities in ASN.1
based protocols than any other. SO even a formal grammar is
probably not good enough to define "correct" input.

Using formal specification does not imply correct implementation...

Following is a nice paper about a british software company using formal method
all the way from specification to implementation:
http://www.spectrum.ieee.org/sep05/1454
Just two excerpts:
"average of less than one error in every 10 000 lines of delivered code"
"[this company] fix for free any problem that came up in the first year of
operation"

JDG

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards