
Re: [Full-Disclosure] Web sites compromised by IIS attack



On Thursday 01 July 2004 12:09, Valdis.Kletnieks@xxxxxx wrote:
> On Wed, 30 Jun 2004 21:08:27 CDT, Paul Schmehl <pauls@xxxxxxxxxxxx>  said:
> > I attended a presentation yesterday for a security product in the
> > application firewall field.  During the presentation, the CISSP stated
> > that "in every 1000 lines of code there will be 15 errors".  I don't know
> > if I'd agree with that - I suspect most coders are a bit better than that
> > - but I had to chuckle, because, of course, I immediately thought, "So
> > you admit that your code is riddled with holes!"
>
> Actually, I suspect most coders are *worse* than that.
>
> Sendmail 8.13.0 weighs in at just about 90K lines of C code for
> the main program.  By that metric, there should only have been 135
> bugs in it. In fact, there are 441 occurrences of 'Problem noted by'
> in the release notes.

Except for the fact that your math is off; 15 times 90 equals 1350, not 135.
By that number, we'd have to assume that not even half of sendmail's bugs are 
found as of yet, which imho is a little hard to believe.

just nitpicking, but...

Greetings,
Maarten

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html