OpenBSD Journal

y Chock-Full of smart people ...

Contributed by Dengue on from the disciplined-too dept.

bob writes :
"http://online.securityfocus.com/columnists/82 "The OpenBSD team is pretty much the best there is, but security is difficult. It's difficult even when you have a small, well-disciplined team chock-full of smart people working closely from well-written specifications and dedicated to security above most other goals, including commercial success."

If you read this article you will notice that this quote was strategically taken, but it is nice anyways."



Comments
  1. By rm0 () mzzukz@inbox.lv on

    ... a new t-shirt design sporting that
    sentence to accompany the next release?

    --
    R

  2. By Anonymous Coward () on

    While the OpenBSD plug is nice, Lasser is a bit off the mark. The question he raises at the beginning of the article is about access to protocols and APIs, but the problems he goes on to discuss are all related to code and implementation decisions. Two different things, and while there may be additional exposure from opening up protocols, it's a drop in the bucket compared to the exploits made possible by crappy programming practices. Look at UPnP - a horribly insecure protocol, yet it was a buffer overrun that nailed it.

    Comments
    1. By Roo () on

      MS silently installed that sucker with a security update on my 98 box... Wondered where all these packets were coming from on my 98 box - read the advisories, by chance hit on the UPNP one and bingo!

      I hate installing a patch only to find it opens up a brand spanking new security hole... Not an oversight either, but a whole protocol that my box wasn't talking beforehand too.

      Sod that for a game of soldiers.

      As it happens Lasser does have a point. It's not only insecure by implementation but also by design. He's making a sort of back-handed compliment to MS's insistence that they need security by obscurity...

      Cheers,
      Roo
