funsec mailing list archives

Re: Curious questions...


From: Drsolly <drsollyp () drsolly com>
Date: Mon, 24 Oct 2005 19:40:59 +0100 (BST)

On Mon, 24 Oct 2005, Kowsik Guruswamy wrote:

This is funsec after all and OT seems to be the order of the day. We
have a lot of great people on this list to discuss/critique
vulnerabilities and mis-implementations that ultimately cause
vulnerabilities.

Questions are as follows:
- How many of you have worked in product development where there was
at least 1 million lines of code (a number pulled out of thin air) to
which you had to contribute? It doesn't matter if it was open source
or commercial.

I don't think we did that many lines of code.

- During that process how many 'vulnerabilities' (i.e. bugs) did you
end up introducing? This could be based on automated analysis,
peer-reviews, audits, full-disclosures, etc.

lots

- What tools did you use to help you find these vulnerabilities?

1) we had a QA department, whose job was to find bugs, as well as test 
that the product found the viruses and didn't give false alarms.

2) But the ultimate testing was done by users, who have a far more diverse 
set of systems than any QA department could have.

Security wasn't an afterthought, it was intrinsic to the product.
