Re: security in testing
On Wed, May 14, 2003 at 11:14:20PM +0200, Björn Stenberg wrote:
> Matt Zimmerman wrote:
> > There is no shortage of opinions about what "we" should do, but there is
> > unlikely to be any action until an "I" arises who actually does the
> > work.
> Of course, but it's still important to discuss what should be done. "Show
> me the code" is only a useful response if anyone in the audience actually
> knows what said code is supposed to achieve.
The idea being discussed, as I understand it, is to have fewer security
vulnerabilities in 'testing'. The only sane way to accomplish this is to
fix the bugs. There has been a disproportionate amount of strategizing
around this simple idea.