
Article quality management on LWN


Posted Sep 28, 2006 11:36 UTC (Thu) by tmk (guest, #40799)
Parent article: Fuzz testing

So I'm not a subscriber so I have no right to complain, but still... Please, please, stop publishing these trivial fluff "articles" from Jake Edge who obviously has only a very shallow overview on misguided attempts at false security. Well engineered software needs no "fuzzing", it's provably correct. Fuzzing and pen-testing are just techniques of the incompetent (but criminal) underground of a bygone era.



Article quality management on LWN

Posted Sep 29, 2006 10:50 UTC (Fri) by robbe (subscriber, #16131) [Link]

> Stop publishing these trivial fluff "articles" from Jake Edge

IMO the piece was a decent introduction to fuzzing for those who have only heard the term, but never looked into it further.

> Well engineered software needs no "fuzzing", it's provably correct.

The "market" for well-engineered software of your kind is minuscule. How much of the systems you use (HW+SW) has been proven correct?

Article quality management on LWN

Posted Sep 29, 2006 14:42 UTC (Fri) by dmag (guest, #17775) [Link]

> Well engineered software needs no "fuzzing", it's provably correct.

Even if you prove your software is 100% correct, fuzzing is still useful until you prove your hardware and OS are correct too.

Proving your OS is "correct" is easy, if you strip your OS down to 5 lines of code. But on a real-world (useful) OS, it's just not possible yet.

So, tmk, what percentage of the software *you* use is "proven correct?" (Remember to include in the list all the software involved in posting your reply: your OS, the code in your keyboard, mouse, monitor, BIOS and hard drive, your web browser, all routers on the path, any web caches, web proxy/load balance servers, web servers, etc.)

> Fuzzing and pen-testing are just techniques of the incompetent (but criminal) underground of a bygone era.

Ha ha. Just to pick a random example, I might agree that Microsoft is "incompetent" and "criminal", but the dream of "underground" and "bygone" has not happened yet.

P.S: I liked the original article. But I'm worried about downloading a PPT presentation from a guy looking for obscure holes in file formats... :)

