From owner-freebsd-security Tue Jul 21 04:20:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA00427 for freebsd-security-outgoing; Tue, 21 Jul 1998 04:20:54 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA00417 for ; Tue, 21 Jul 1998 04:20:51 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.8) id FAA07335; Tue, 21 Jul 1998 05:20:28 -0600 (MDT) Message-Id: <199807211120.FAA07335@lariat.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Tue, 21 Jul 1998 05:20:24 -0600 To: "Jordan K. Hubbard" , Garance A Drosihn From: Brett Glass Subject: Re: Projects to improve security (related to C) Cc: security@FreeBSD.ORG In-Reply-To: <27231.900993063@time.cdrom.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 08:51 PM 7/20/98 -0700, Jordan K. Hubbard wrote: >> However, I don't want to just drop this issue either. Could we think >> of projects we could do in the next few months, for instance, which >> might help us to improve security? Even if we won't have time to > >Audit. Audit audit audit. More like audit, audit, audit, audit, audit, audit, audit.... Ad infinitum. Ad nauseam. Unreliably. Missing all sorts of holes and bugs. It's not only tedious -- it also doesn't work. Again, quality and security shouldn't be tested in. Or audited in (which is worse, because it misses much more than a mechanical test). --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message