Re: "TrustedBSD" addons
Paul Robinson wrote:
> On Tue, Jun 29, 2004 at 03:30:19PM -0500, Kevin Lyons wrote:
>
>
>>Is there an ACM or IEEE article that quantifies this?
>
>
> You can not write an accurate assessment of potential vulnerabilities, only
> discovered ones.
Well then discovered vulnerabilities vs. code size? When one says
something is a Myth, it is always nice to be able to prove why?
> It does not take a genius to work out that it only takes one line of badly
> written code to introduce a vulnerability. It does not take a genius to
> realise that badly written code is as much a management issue as any other.
Does it take a genius to realize the normal distribution and random
coding errors by competent programmers occur all the time (even by
security conscious programmers) and that the more code is written,
therefore the probability of a vulnerability increases linearly?
> It certainly does not take a genius to assert that well written code
> impregnable code is well written and impregnable no matter how many lines of
> code it is made up of.
Given the perfect programmer that is a true statement.
>
>
>>>"Of late"? You've *JUST* noticed? Wow. :-)
>>
>>I will rephrase, I noticed enough to finally comment.
>
>
> Even so. :-)
>
--
Kevin Lyons
OFD Engineering, 950 Threadneedle Suite 250, Houston Texas 77079
Phone: 281-679-9060, ext. 118, E-mail: kevin_lyons@ofdengineering.com
_______________________________________________
freebsd-chat@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe@freebsd.org"