Comments on: A Great Example of Bugfinder Nirvana

By: Pete Lindstrom

Pete Lindstrom — Wed, 08 Oct 2008 01:11:09 +0000

@hellNbak -

“That alone is proof that SDL does in fact work.”

That is a gross misunderstanding of either 1) proof; 2) SDL; or 3) fact. At best, it may provide some information that seems to support your hypothesis, but that is it.

Here’s a simple alternative notion – if the amount of external bugfinding effort on Microsoft products has been reduced to 1/10th the effort involved prior to SDL, then it will take 10 times as long to find bugs and the software would have the same level of vulnerability.

By: hellNbak

hellNbak — Tue, 07 Oct 2008 22:18:40 +0000

At least spell my name right Ryan.

Name one remote system vulnerability found in the last 12 months in a Microsoft operating system. That alone is proof that SDL does in fact work. When I say work, I do not mean it is the silver bullet solution but it does improve the security of code.

So this has nothing to do with making me feel good because there are still many improvements that can be made and obviously any process like SDL is only as good as those following it.

By: Ryan Naraine

Ryan Naraine — Mon, 21 Apr 2008 15:03:07 +0000

hellnback is steve manzuik, formerly of eeye, now at juniper.

_ryan

By: Pete

Pete — Mon, 21 Apr 2008 15:00:35 +0000

@Patrick -

That’s just it, that paragraph *is* his evidence. Which demonstrates my point that this whole issue is about faith and not evidence.

Yeah, couldn’t resist the fanboy comment..

Pete

By: Patrick Boyd

Patrick Boyd — Mon, 21 Apr 2008 14:50:24 +0000

So because he hasn’t posted the evidence he is a fan boy?

Let me rephrase, by your logic you didn’t prove that he is a fan boy therefore you have some sort of vendetta against HellnBak.