Dailydave mailing list archives
Re: Twitter: (verb) to fail under exponential growth
From: "Chris Eng" <ceng () Veracode com>
Date: Sun, 29 Jun 2008 15:02:07 -0400
Oh come on, you know the answer to that. Because things break. Same reason people don't run WAFs in prevent mode, same reason IPS isn't more popular. Source/binary tools could patch automatically, in theory, but in order to measure whether it broke something, you have to have an extremely robust regression suite. Network scanners applying patches for known vulns... don't some products do that already, integrating with patch management tools and whatnot?
I've always wondered about the rest of our technology that fails in a similar way. Why do our application assessment tools not also fix the bugs they find? If you're trying to buy web application scanning, then your scanner should also be updating the application to fix those pesky SQL Injection bugs. Your binary/source analysis tool should be svn committing patches to fix your overflows. If you have to rely on a developer to understand the bugs themselves, it doesn't scale. Your network attack tool should upload and run the right patch automatically.[1] Does the modern generation of scanners do this?

-dave

[1] Obviously you can upload a management program like BindView instead, but this means you have to MANAGE everything, which doesn't scale.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave