Re: malicious code

From: Jeff Williams (jsquaredat_private)
Date: Mon Jan 27 2003 - 18:34:48 PST

  • Next message: Crispin Cowan: "Re: malicious code"

    I'm not looking for technology.  It is going to be a very long time before
    software can even find unintentional security errors. I was hoping that
    someone had done some research on how human code review can find malicious
    logic. Is the problem exactly the same as searching for inadvertent
    security flaws, or are there specialized techniques for searching out
    malicious logic.
    
    Thanks for any thoughts on this topic!
    
    
    > David Wagner wrote
    >
    > Jeff Williams wrote:
    > >Does anyone on the list know of any research in detecting "malicious
    code"
    > >as opposed to simply inadvertent security screwups?  Seems to me that
    the
    > >best attacks would be very difficult to distinguish from a ordinary
    > >mistake.
    >
    > Yeah: It's really, really hard.  The only answer I know to give
    > is "forget about it; today's technology can't do what you want".
    > Sorry -- I know that's not very helpful.
    



    This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 19:28:41 PST