How to cheat at the lottery
Charles Lindsey
chl@clw.cs.man.ac.uk
Wed, 18 Aug 1999 09:39:24 +0100
On Tue, 17 Aug 1999 22:50:34 +0100
Ross Anderson <Ross.Anderson@cl.cam.ac.uk> said...
> In retrospect, this should surprise no-one. Figuring out what a system
> should do often means iterating the specification in the light of
> attacks. This process is not all that different from iterating the
> design of an operating system in the light of customer complaints. If
> you can get lots of bright people to think up attacks (or complaints)
> in parallel before you code up the system, you might save a lot of
> money. The economics - of how many man-months of thinking teach you as
> much as how many years of field testing - must be determined
> empirically, but the experiment I conducted is at least a start.
It's rather like a lot of people in parallel figuring out flaws in a
Bill about to be laid before parliament :-) .
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5