Why Security Testing Is Hard
July-August 2003 (vol. 1 no. 4)
pp. 83-86
Herbert H. Thompson, Security Innovation

Software testing is a discipline that has become pretty good at verifying requirements. Languages such as the Unified Modeling Language have made the process of moving from a specification (what the application should do) to test cases (verification that the application operates as specified) much easier. However, several types of bugs routinely escape testing. Many of these flaws are not specification violations in the traditional sense: the application might behave correctly according to its requirements but perform some additional, unspecified task in the process. Bugs like these would necessarily escape most automated testing because testers craft test cases to look for the presence of some correct behavior, not for the absence of additional behavior. This article examines the subtle nature of most security bugs and why testing for them can be difficult.
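The distinction the abstract draws, shown as a constructed illustration (added here, not code from the paper): `save_token` meets its hypothetical specification (write the token to the given path, owner-readable only) but also performs an unspecified extra task, leaving a world-readable scratch copy. A requirements-driven test checks only the specified outcome and passes; a test that also snapshots the directory and checks for behavior the specification never asked for catches it.

```python
import os
import stat
import tempfile
from pathlib import Path


def save_token(path: Path, token: str) -> None:
    """Specified behavior: write token to path with mode 0600."""
    path.write_text(token)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    # Unspecified side effect (constructed for this example): a debug
    # copy the specification never mentions, readable by everyone.
    scratch = path.with_suffix(".bak")
    scratch.write_text(token)
    os.chmod(scratch, 0o644)


def spec_test(workdir: Path) -> bool:
    """Verifies only the presence of the specified behavior."""
    target = workdir / "token.txt"
    save_token(target, "secret-123")
    mode = stat.S_IMODE(target.stat().st_mode)
    return target.read_text() == "secret-123" and mode == 0o600


def side_effect_test(workdir: Path) -> list:
    """Also checks the absence of additional behavior: compare the
    directory before and after, and flag any file the spec did not
    call for, plus any file readable by group or others."""
    before = {p.name for p in workdir.iterdir()}
    target = workdir / "token.txt"
    save_token(target, "secret-123")
    findings = []
    for p in workdir.iterdir():
        if p.name not in before and p != target:
            findings.append(f"unexpected file created: {p.name}")
        if stat.S_IMODE(p.stat().st_mode) & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"readable by others: {p.name}")
    return findings


def demo() -> tuple:
    """Run both tests in fresh temporary directories."""
    with tempfile.TemporaryDirectory() as d:
        w1 = Path(d) / "spec"
        w1.mkdir()
        w2 = Path(d) / "side"
        w2.mkdir()
        return spec_test(w1), side_effect_test(w2)
```

On a POSIX system `demo()` returns `True` for the specification test and two findings about `token.bak` from the side-effect test; the specified file itself produces none.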

Herbert H. Thompson, "Why Security Testing Is Hard," IEEE Security & Privacy, vol. 1, no. 4, pp. 83-86, July-Aug. 2003, doi:10.1109/MSECP.2003.1219078