SLUG Mailing List Archives
Re: [SLUG] Re: Linux Advocate for Parliament
- To: slug <slug@xxxxxxxxxxx>
- Subject: Re: [SLUG] Re: Linux Advocate for Parliament
- From: Ken Foskey <foskey@xxxxxxxxxxxxxxxx>
- Date: Tue, 21 Sep 2004 14:08:48 +1000

On Tue, 2004-09-21 at 10:36, O Plameras wrote:
> It must be noted that manual inspection and analysis is only one process.
> The auditors have automated tools that they use to audit in addition to
> queries and answers as well as other tools like field testing, etc.

Automated checking is NOT the answer to security... Most problems that
can be harvested simply with tools can and should be done quickly.

True security comes from basic design, reducing permissions to a minimum
and other techniques. When it comes to a code audit you must have a
developer with enough time and the right attitude. That may not be
ability here, just a different way of thinking that most developers do
not need to worry about.