On Sun, 2005-02-20 at 21:26 +0200, Willem Koenings wrote: > Yes, and thats why i said, that original quote is not always true > because it is differently understandable. If i know one specific flaw > or vulnerability, then i specifically can test against presence or > absence of that specific flaw or vulnerability. hehe... no, no. The quote said "flaws". Not a specific one. Flaws are errors as we know them. You can test for the presence of the ones we know, the specific ones. And you can test for the absence of these specific ones. But you can't test for the absence of any flaw. That would be akin to testing the presence of anti-flaws. What is a non-error? A non-flaw? It's a non-existing flaw, it doesn't exist. If could define and measure that to the extent that you can test for it, then Dijkstra can be proved wrong :) Until then the invert of presence of flaws is absence of flaws. And we can only test for the former. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html