Firewall Wizards mailing list archives
Re: Re[2]: Penetration testing via shrinkware
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 22 Sep 1998 17:40:53 -0400
Richard Christie wrote:
What your really driving at Marcus is developing software in a trusted manner. Companies developing Firewall software should be evaluated by SEI for a Capability Maturity Model (CMM) rating.
ARrrggghhHH!!!! More formalistic nonsense scams! Does someone's ability to predictably generate documentation really correlate to their ability to produce a good product that works?? The SEI evaluation may have some validity, but it strikes me more like an attempt to do one of those ISO9000-oid certification scams. It's important that people developing security products know what they're doing, and know how to write security critical code -- but I can't think of a practical way to legislate it. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Re: Penetration testing via shrinkware, (continued)
- Re: Penetration testing via shrinkware Ted Doty (Sep 24)
- Re: Penetration testing via shrinkware James Goldston (Sep 21)
- Re: Penetration testing via shrinkware Frederick M Avolio (Sep 21)
- encrypting modem arjo (Sep 22)
- Re: encrypting modem Leonard Miyata (Sep 23)
- Re: encrypting modem Michael Barkett (Sep 23)
- Re: encrypting modem iCefoX (Sep 23)
- Re: Re[2]: Penetration testing via shrinkware Marcus J. Ranum (Sep 23)
- Re: Penetration testing via shrinkware David Collier-Brown (Sep 24)
- Re: Re[2]: Penetration testing via shrinkware Perry E. Metzger (Sep 24)
- Re: Re[2]: Penetration testing via shrinkware Joseph S. D. Yao (Sep 24)
- Re: Penetration testing via shrinkware David Collier-Brown (Sep 24)