Re: malicious code
From: Jeff Williams (jsquared@erols.com)
Date: 01/28/03
- Previous message: David Wagner: "Re: malicious code"
- In reply to: David Wagner: "Re: malicious code"
- Next in thread: Crispin Cowan: "Re: malicious code"
- Reply: Crispin Cowan: "Re: malicious code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jeff Williams" <jsquared@erols.com> To: <secprog@securityfocus.com> Date: Mon, 27 Jan 2003 21:34:48 -0500
I'm not looking for technology. It is going to be a very long time before
software can even find unintentional security errors. I was hoping that
someone had done some research on how human code review can find malicious
logic. Is the problem exactly the same as searching for inadvertent
security flaws, or are there specialized techniques for searching out
malicious logic.
Thanks for any thoughts on this topic!
> David Wagner wrote
>
> Jeff Williams wrote:
> >Does anyone on the list know of any research in detecting "malicious
code"
> >as opposed to simply inadvertent security screwups? Seems to me that
the
> >best attacks would be very difficult to distinguish from a ordinary
> >mistake.
>
> Yeah: It's really, really hard. The only answer I know to give
> is "forget about it; today's technology can't do what you want".
> Sorry -- I know that's not very helpful.
- Next message: Crispin Cowan: "Re: malicious code"
- Previous message: David Wagner: "Re: malicious code"
- In reply to: David Wagner: "Re: malicious code"
- Next in thread: Crispin Cowan: "Re: malicious code"
- Reply: Crispin Cowan: "Re: malicious code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
