rook

47,004
reputation
10
94
182

The only way to prove the security of anything is through rigorous testing.

There are very smart people on SO and there are excellent answers given, although the right answer isn't always chosen, and the question could be oversimplified or misunderstood.

I have been writing exploit code for a while. I have found numerous vulnerabilities in applications and critical infrastructure. I have received three severity metrics from the Department of Homeland Security. The most severe was in the top 500 more dangerous software flaws of all time.

My CVE numbers:

CVE-2011-0050 CVE-2011-0049 CVE-2011-0048 CVE-2009-1759 CVE-2009-0468 CVE-2009-0467 CVE-2009-0389 CVE-2008-6975 CVE-2008-6499 CVE-2008-6498 CVE-2008-5621 CVE-2008-2043 CVE-2008-2002 CVE-2007-6485 CVE-2007-6458 CVE-2007-6459 CVE-2007-6471 CVE-2007-5646 CVE-2007-0134 CVE-2007-0132 CVE-2007-0130 CVE-2006-6781 CVE-2006-6780 CVE-2006-3208 CVE-2006-3207 CVE-2006-3206 CVE-2006-3205 CVE-2006-3204 CVE-2006-3203