Tuesday, January 20, 2009

Security testing podcast with Eugene Spafford

18th episode of The Silver Bullet Security Podcast.

Interview with Eugene Spafford

We use a lot of software that isn’t developed carefully, and the tools and techniques and languages aren’t necessarily the best for producing high-quality, robust software. Testing is a way for us to attempt to reduce some of the problems that may occur with it. It’s a mechanism that’s fairly well understood by people.
I don’t think testing is going to go away any time soon. I think it does play an important role.

The challenge with testing is in building testing software that can work on artifacts that might not have well-stated specifications and be used by people who might not have a lot of familiarity with good testing technologies.

In the security realm, what we want to test is making sure that a program doesn’t do anything beyond what it’s designed to do. That’s a new area where much of the testing that goes on now has.


I believe that a lot of what’s talked about in ethical hacking is a little bit overdone, in part because we failed to build the systems properly in the first place. How many times do you actually have to do a buffer overflow to understand how it works?

Because understanding how to break something doesn’t necessarily show you how to fix it.


time 28:08
