At 08:00 AM 4/25/95 -0400, Dr. Frederick B. Cohen wrote:
>Most of the firewall vendors and other people on this list write
>programs, never test them at the boundary conditions, and assume that
>they works properly because the code looks right to them and seems to
>work when they try it on their application. When someone asks about
>boundary conditions, they say they have never tested it, but that they
>looked at the source code and figure it will work the same way under
>high stress conditions as under normal load conditions. The lack of
>experimental confirmation presents no problem for the producers or
>consumers and presents no impediment to the purchase of a firewall from
>such a vendor.
I've really go to agree with Dr. Cohen here. Software testing in almost all
of the Unix community is woefully lax. Even basic functionally testing is
often ignored, look at what a gibberish generator will do to most commands.
I'd really be surprised if much in the way of stress testing was happening,
in fact, I doubt if thorough functional testing is happening.
Yes, I am obsessive about this. I once worked (briefly) on a project that I
believe would have killed people if it had ever been installed. This was
because of the testing philosophy that too many folks had -- if we can make
it work once, it passes. I was overjoyed when I heard the FAA had killed