[funsec] Curious questions...

Blanchard_Michael at emc.com
Mon Oct 24 15:25:49 CDT 2005


 and that's why your detection engine lives on to this day :-)

 If only all companies produced code like that....  Wait... That would put
us all out of a job :-(


Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, MCSE, MCP+I 
Office of Information Security & Risk Management 
EMC² Corporation
4400 Computer Dr. 
Westboro, MA 01580 
email:  Blanchard_Michael at EMC.COM 

-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Drsolly
Sent: Monday, October 24, 2005 2:41 PM
To: Kowsik Guruswamy
Cc: funsec at linuxbox.org
Subject: Re: [funsec] Curious questions...

On Mon, 24 Oct 2005, Kowsik Guruswamy wrote:

> This is funsec after all and OT seems to be the order of the day. We
> have a lot of great people on this list to discuss/critique
> vulnerabilities and mis-implementations that ultimately cause
> vulnerabilities.
> 
> Questions are as follows:
> - How many of you have worked in product development where there was
> at least 1 million lines of code (a number pulled out of thin air) to
> which you had to contribute? It doesn't matter if it was open source
> or commercial.

I don't think we did that many lines of code.

> - During that process how many 'vulnerabilities' (i.e. bugs) did you
> end up introducing? This could be based on automated analysis,
> peer-reviews, audits, full-disclosures, etc

lots

> - What tools did you use to help you find these vulnerabilities?

1) We had a QA department, whose job was to find bugs, as well as test
that the product found the viruses and didn't give false alarms.

2) But the ultimate testing was done by users, who have a far more diverse 
set of systems than any QA department could have.

Security wasn't an afterthought; it was intrinsic to the product.
 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


