Date: Tue, 29 Jun 2004 15:44:31 -0500
From: Kevin Lyons <kevin_lyons@ofdengineering.com>
To: Paul Robinson <paul@iconoplex.co.uk>
Cc: freebsd-chat@freebsd.org
Subject: Re: "TrustedBSD" addons
Message-ID: <40E1D4AF.9040909@ofdengineering.com>
In-Reply-To: <20040629203624.GW34683@iconoplex.co.uk>
References: <40E1A6C0.2040406@ofdengineering.com> <40E1B3B5.1020906@palisadesys.com>
    <40E1B7A3.3040409@ofdengineering.com> <20040629201433.GV34683@iconoplex.co.uk>
    <40E1D15B.5040605@ofdengineering.com> <20040629203624.GW34683@iconoplex.co.uk>

Paul Robinson wrote:
> On Tue, Jun 29, 2004 at 03:30:19PM -0500, Kevin Lyons wrote:
>
>>Is there an ACM or IEEE article that quantifies this?
>
> You can not write an accurate assessment of potential vulnerabilities, only
> discovered ones.

Well then discovered vulnerabilities vs. code size? When one says
something is a Myth, it is always nice to be able to prove why?

> It does not take a genius to work out that it only takes one line of badly
> written code to introduce a vulnerability. It does not take a genius to
> realise that badly written code is as much a management issue as any other.

Does it take a genius to realize the normal distribution and random
coding errors by competent programmers occur all the time (even by
security conscious programmers) and that the more code is written,
therefore the probability of a vulnerability increases linearly?

> It certainly does not take a genius to assert that well written code
> impregnable code is well written and impregnable no matter how many lines of
> code it is made up of.

Given the perfect programmer that is a true statement.

>>>"Of late"? You've *JUST* noticed? Wow. :-)
>>
>>I will rephrase, I noticed enough to finally comment.
>
> Even so. :-)
>

--
Kevin Lyons
OFD Engineering, 950 Threadneedle Suite 250, Houston Texas 77079
Phone: 281-679-9060, ext. 118, E-mail: kevin_lyons@ofdengineering.com