Is finding security holes a good idea?
David Honig
dahonig at cox.net
Wed Jun 16 14:55:50 EDT 2004
At 08:40 AM 6/16/04 -0700, Eric Rescorla wrote:
>> the search patterns used by blackhats - we are all human and are likely
>> to be drawn to similar bugs.
Prof Nancy Leveson once did a study where separate teams coded
solutions to the same problem. The different teams' code often erred
in the same places (e.g. corner cases). This was taken as
an argument against N-version programming IIRC. It supports
the argument that H. saps are susceptible to common cognitive
flaws. While this was a code *generation and test* experiment,
it does bear on the "evaluate for bugs" question too.
As far as whether finding holes is a good idea, remember that
the Pros do not report what they find.
No means or methods, remember?
---------------------------------------------------------------------
The Cryptography Mailing List