funsec mailing list archives
RE: Curious questions...
From: Blanchard_Michael () emc com
Date: Mon, 24 Oct 2005 16:25:49 -0400
and that's why your detection engine lives on to this day :-) If only all companies produced code like that.... Wait... That would put us all out of a job :-(

Michael P. Blanchard
Antivirus / Security Engineer, CISSP, GCIH, MCSE, MCP+I
Office of Information Security & Risk Management
EMC² Corporation
4400 Computer Dr.
Westboro, MA 01580
email: Blanchard_Michael () EMC COM

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Drsolly
Sent: Monday, October 24, 2005 2:41 PM
To: Kowsik Guruswamy
Cc: funsec () linuxbox org
Subject: Re: [funsec] Curious questions...

On Mon, 24 Oct 2005, Kowsik Guruswamy wrote:
> This is funsec after all and OT seems to be the order of the day. We have a lot of great people on this list to discuss/critique vulnerabilities and mis-implementations that ultimately cause vulnerabilities. Questions are as follows:
>
> - How many of you have worked in product development where there was at least 1 million lines of code (a number pulled out of thin air) to which you had to contribute? It doesn't matter if it was open source or commercial.
I don't think we did that many lines of code.
> - During that process how many 'vulnerabilities' (i.e. bugs) did you end up introducing? This could be based on automated analysis, peer-reviews, audits, full-disclosures, etc
lots
> - What tools did you use to help you find these vulnerabilities?
1) we had a QA department, whose job was to find bugs, as well as test that the product found the viruses and didn't give false alarms.

2) But the ultimate testing was done by users, who have a far more diverse set of systems than any QA department could have.

Security wasn't an afterthought, it was intrinsic to the product

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.