Re: [fw-wiz] How automate firewall tests

"Marcus J. Ranum" <mjr@xxxxxxxxx> wrote:

The "take whole classes of problems off the table" approach
is what engineers consider elegance of design. It's that kind
of elegance that is mostly lacking in how we do operating
systems and security system design, today.

There is a structured systems design book I have (I think that's the
one, anyway) that recommends input be conditioned as early in the data
flow as possible so it's done and over with, and you can not have to
worry about unconditioned data floating around in the system, being
(similarly) conditioned in multiple places (code redundancy), etc.
Similar concept.

firewall-wizards mailing list