To all in response to Dr Cohen's request for views.
I must agree with both Mr Ranum and Dr. Cohen in the arena of testing.
Yes Mr Ranum testing cannot EVER confirm that a security system will not
fail. In support of Dr. Cohen's view, however, the very foundation of
scientific inquiry is built on the concept of test until failure, then
modify your hypothesis to take into account the fact that your experiment
(test) failed. In the case of firewall design, your hypothesis is your
design it would be considered a good hypothesis until someone caused it to
fail. It is in your best interest that YOU cause that failure rather than
an individual bent on desruption or destruction.
Therefore I find that I must agree with Dr. Cohen on this topic.