in reply to (OT) Black- vs. white-box testing
White-box testing — tests designed against the code which actually implements the functionality — is critical to evaluate the security of the code. Black-box (monkeys with typewriters) pounding at potential vulnerabilities is simply too inefficient to be valuable. It is good to have some standard black boxes (like buffer overflows), but even better to know "oh, this string gets eval'd — I'd better write a test to make sure it won't do anything stupid".
Re^2: (OT) Black- vs. white-box testing
by robharper (Pilgrim) on Oct 26, 2005 at 08:50 UTC