Re: [Lit.] Buffer overruns
From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 01/29/05
- Next message: Trevor L. Jackson, III: "Re: [Lit.] Buffer overruns"
- Previous message: David Wagner: "Re: [Lit.] Buffer overruns"
- In reply to: Hank Oredson: "Re: [Lit.] Buffer overruns"
- Next in thread: BRG: "Re: [Lit.] Buffer overruns"
Date: 28 Jan 2005 18:14:52 -0800
"Hank Oredson" <horedson@earthlink.net> writes:
> Where you write "attacker" I would write "tester".
> How will the "attacker" know where to look?
> Why would the "tester" not look in exactly those same places?
The attacker might be willing to spend millions of dollars and years
of effort looking for those errors. Can the tester match that? The
tester can only use knowledge that existed at the time of testing.
The attacker can use knowledge gained after the program was released.
Testing cannot show the absence of bugs. It can only show their presence.