Right, yeah, I was thinking physical verification.
Functionality testing could verify known behaviors, but could never formally prove the non-existence of unknown, hostile behaviors.
- "time bomb" style hostile functionality that only unlocks after a certain time
- hostile functionality that can be remotely unlocked by obscure behaviors. think: more advanced versions of port knocking, specially (mis?)crafted TCP/IP payloads
Functionality testing could verify known behaviors, but could never formally prove the non-existence of unknown, hostile behaviors.
- "time bomb" style hostile functionality that only unlocks after a certain time
- hostile functionality that can be remotely unlocked by obscure behaviors. think: more advanced versions of port knocking, specially (mis?)crafted TCP/IP payloads
- etc