
RE: SOI QUESTIONS: 2.4-2.6



On 20 Jun 2002, Andrew Krywaniuk wrote:
> The problem with formal analyses is that you only find the problems you are
> looking for. What happens when the problem turns out to be something
> unexpected (e.g. you hadn't considered DoS attacks)?

Real formal analyses -- formal ones, not handwaving ones -- are actually
fairly good at finding problems that are implicit in the design but hard
to spot.  You can often prove incorrectness even if you can't prove
correctness, so to speak...

The problem is that they're always done by reference to a specification,
so they can't find things that the specification writer didn't think of or
couldn't find a way to formalize.

                                                          Henry Spencer
                                                       henry@spsystems.net