[Discuss] AeroFS
Richard Pieri
richard.pieri at gmail.com
Sun Apr 20 13:42:20 EDT 2014
Mike Small wrote:
> So you're left with only black box testing. No static analysis tools, no
> runtime memory debuggers, no discussing the problem and the general code
> quality in public forums, no forking the project and trimming the awful
> 300,000 lines down to something more manageable with the "exploit
> mitigation countermeasures" removed (
None of these told us about the Heartbleed flaw in OpenSSL. As a matter
of fact, it was Codenomicon attacking their own servers that led to the
world-wide revelation. Black box testing worked where open source
philosophy utterly, completely, catastrophically failed.
--
Rich P.