[LINK] What's a reasonable level of code-checking?

Craig Sanders cas at taz.net.au
Sat Aug 19 08:22:28 AEST 2006


On Sat, Aug 19, 2006 at 06:32:56AM +1000, Rick Welykochy wrote:
> Goal: meet these requirements, and nothing more. Lock down the "net device"
> 100%, test and retest. Release. Done.

six months later, do it all again because a new bug & exploit has been
discovered.

As Schneier says, security is a process, not a product.  There is no magic
black box that provides "security" - it requires understanding and direct
involvement by the user.

craig

-- 
craig sanders <cas at taz.net.au>           (part time cyborg)


