On Sat, 13 May 2006 15:35:22 +0200, Roman Medina-Heigl Hernandez said:
> even accessed if the network were properly segmented/firewalled. Or my
> IDS noticed the 0day exploitation (not very sure of this }:-)).
An IDS can almost never spot a 0day for the same reason almost all A/V
solutions can't
Lucien Fransman wrote:
> I often wondered about this. An assessment is only as good as the assessor.
> What is the use of a "I can break and exploit $foo application, and have
> shown this in my tests", if it is done by a private exploit? Again, I'm
[...]
> It only shows that the application
Well, the same question came up also in OpenBSD mailing lists.
And I agree with Theo de Raadt because he's completely right.
So I'll simply paste his mail:
---
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=114657401630096&w=2
>
> If I understand correctly from what I've been told, this is not a
>
On Friday 12 May 2006 05:20, Blue Boar wrote:
Hello,
> Do you want just public results of standardized blackbox testing?
> Something similar to the ICSA firewall certification? (Though, I assume
> you want actual public results.)
That would be ideal. Properly anonymized, of course. It would be nice
On 5/12/06, Blue Boar <[EMAIL PROTECTED]> wrote:
Brian Eaton wrote:
> On 5/11/06, Blue Boar <[EMAIL PROTECTED]> wrote:
>> Don't we fairly quickly arrive at all products passing all the standard
>> tests, and "passing" no longer means anything?
>
> I believe that point is called "success."
I was
Brian Eaton wrote:
On 5/11/06, Blue Boar <[EMAIL PROTECTED]> wrote:
Don't we fairly quickly arrive at all products passing all the standard
tests, and "passing" no longer means anything?
I believe that point is called "success."
I was thinking more like all their "security" efforts only went
On 5/11/06, Blue Boar <[EMAIL PROTECTED]> wrote:
Don't we fairly quickly arrive at all products passing all the standard
tests, and "passing" no longer means anything?
I believe that point is called "success."
- Brian
___
Full-Disclosure - We believ
So pin it down a bit more for me.
Do you want just public results of standardized blackbox testing?
Something similar to the ICSA firewall certification? (Though, I assume
you want actual public results.)
Would you include source review? The Sardonix project tried to do that.
Who does the
From: "Michael Silk" <[EMAIL PROTECTED]>
why do we need this?
Take your average bit of common software. I can bet someone's thrown Spike
at it, someone else crazyfuzz, and another foofuz. Now let's say that it
stood up to everything that was thrown at it - and let's say another product
cr
On 5/12/06, David Litchfield <[EMAIL PROTECTED]> wrote:
How secure is software X?
At least as secure as Vulnerability Assessment Assurance Level P; or Q or R.
Well, that's what I think we should be able to say. What we need is an open
standard, that has been agreed upon by recognized experts, ag
How secure is software X?
At least as secure as Vulnerability Assessment Assurance Level P; or Q or R.
Well, that's what I think we should be able to say. What we need is an open
standard, that has been agreed upon by recognized experts, against which the
absence of software security vulnerabi