On Tues, 22 Aug 2006 00:51
Bill Royds wrote:
> ASN.1 is a formal language to describe data structures for
> use of a number of protocols. One would expect that
> protocols that use ASN.1 as their structure grammar should be
> quite secure.
> But there have probably been more vulnerabilities in ASN.1
> based protocols than any other. SO even a formal grammar is
> probably not good enough to define "correct" input.

Using formal specification does not imply correct implementation...

Following is a nice paper about a british software company using formal method
all the way from specification to implementation:
Just two excerpts:
"average of less than one error in every 10 000 lines of delivered code"
"[this company] fix for free any problem that came up in the first year of


firewall-wizards mailing list