1、实现过程中会引入fault

2、fault database，并且进行分类，对于classification scheme中的不同类别提出不同的测试方法

弄这个database的作用有三：一，static audit analysis；二，intrusion detection；三，fault detection

并且可以让fault prevention和detection的过程更加系统化；database里面包含两部分信息：vulnerability information和security patch information

问题：这里的fault能否和flaw等同？fault的定义是什么？

3、分类的原因：

A fault classification scheme can be used to categorize faults that share a common characteristic. The categories can be used to collect statistics about faults and devise methods for fault prevention and detection. Beizer [Bei83] summarized the importance of fault classifications as:
"It is important to establish categories for bugs if you take the goal of bug prevention seriously. If a particular kind of bug recurs or seems to dominate the kinds of bugs you have, then it is possible through education, training, new controls, revised controls, documentation, inspection, and a variety of other methods to reduce the incidence of that kind of bug. If you have no statistics on the frequency of bugs, you cannot have a rational perspective on where and how to allocate your limited bug prevention resources."

4、安全破坏的三种原因：

4.1 operational fault

4.2 coding fault

4.3 environment fault

5、传统方法不给力

penetrate & patch paradigm [Sch79a]

6、security testing的作用 [Bei83] - 一本书 Software Testing Techniques

confidence in the security measure

缺乏系统的security testing的方法，现在有两种：

一、penetration analysis - 需要一个tiger team，而且效果依赖于这个团队的能力[Lin75, H+80, Wil81, AMP76]

二、formal verification -[MD79]

7、一些penetrating analysis的例子

7.1 Protection Analysis (PA) Project (1970')

它无法完成原定的自动error detection process的目标，使用的方法为pattern-directed approach

7.2 PISOS项目

7.3 Flaw Hypothesis Methodology

有许多成功的案例

8、static方法和dynamic方法的比较

各有所长，而且可以作为一个互补