I'm not looking for technology. It is going to be a very long time before software can even find unintentional security errors. I was hoping that someone had done some research on how human code review can find malicious logic. Is the problem exactly the same as searching for inadvertent security flaws, or are there specialized techniques for searching out malicious logic. Thanks for any thoughts on this topic! > David Wagner wrote > > Jeff Williams wrote: > >Does anyone on the list know of any research in detecting "malicious code" > >as opposed to simply inadvertent security screwups? Seems to me that the > >best attacks would be very difficult to distinguish from a ordinary > >mistake. > > Yeah: It's really, really hard. The only answer I know to give > is "forget about it; today's technology can't do what you want". > Sorry -- I know that's not very helpful.
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 19:28:41 PST