Security testing podcast with Eugene Spafford
18th episode of The Silver Bullet Security Podcast.
Interview with Eugene Spafford
We use a lot of software that isn’t developed carefully, and the tools and techniques and languages aren’t necessarily the best for producing high-quality, robust software. Testing is a way for us to attempt to reduce some of the problems that may occur with it. It’s a mechanism that’s fairly well understood by people.
I don’t think testing is going to go away any time soon. I think it does play an important role.
The challenge with testing is in building testing software that can work on artifacts that might not have well-stated specifications and be used by people who might not have a lot of familiarity with good
testing technologies.
In the security realm, what we want to test is making sure that a program doesn’t do anything beyond what it’s designed to do. That’s a new area where much of the testing that goes on now has In the security realm, what we want to test is making sure that a program doesn’t do anything beyond what it’s designed to do. That’s a new area where much of the testing that goes on now has.
In the security realm, what we want to test is making sure that a program doesn’t do anything beyond what it’s designed to do. That’s a new area where much of the testing that goes on now has.
I believe that a lot of what’s talked about in ethical hacking is a little bit overdone, in part because we failed to build the systems properly in the first place. How many times do you actually have to do a buffer overflow to understand how it works?
Because understanding how to break something doesn’t necessarily show you how to fix it.
time 28:08
Interview with Eugene Spafford
We use a lot of software that isn’t developed carefully, and the tools and techniques and languages aren’t necessarily the best for producing high-quality, robust software. Testing is a way for us to attempt to reduce some of the problems that may occur with it. It’s a mechanism that’s fairly well understood by people.
I don’t think testing is going to go away any time soon. I think it does play an important role.
The challenge with testing is in building testing software that can work on artifacts that might not have well-stated specifications and be used by people who might not have a lot of familiarity with good
testing technologies.
In the security realm, what we want to test is making sure that a program doesn’t do anything beyond what it’s designed to do. That’s a new area where much of the testing that goes on now has In the security realm, what we want to test is making sure that a program doesn’t do anything beyond what it’s designed to do. That’s a new area where much of the testing that goes on now has.
In the security realm, what we want to test is making sure that a program doesn’t do anything beyond what it’s designed to do. That’s a new area where much of the testing that goes on now has.
I believe that a lot of what’s talked about in ethical hacking is a little bit overdone, in part because we failed to build the systems properly in the first place. How many times do you actually have to do a buffer overflow to understand how it works?
Because understanding how to break something doesn’t necessarily show you how to fix it.
time 28:08
posted by omarg at
7:04 PM
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home