version 1.15, 1998/02/19 22:37:51 |
version 1.16, 1998/02/19 22:41:42 |
|
|
these new flaws in mind. |
these new flaws in mind. |
|
|
<p> |
<p> |
Our security auditing proces is a proactive one. In almost all cases |
Another facet of our security auditing process is it's proactiveness. |
we have found that exploitability is not an issue. We have fixed many |
In almost all cases we have found that the determination of |
simple and obvious careless programming errors in code and then only |
exploitability is not an issue. During our auditing process we find |
months later discovered that the problems were in fact exploitable. |
many bugs, and endeavor to simply fix them even though exploitability |
The proactive auditing process has really paid off. Statements like |
is not proven. We have fixed many simple and obvious careless |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
programming errors in code and then only months later discovered that |
commonplace in security forums like BUGTRAQ. |
the problems were in fact exploitable. This proactive auditing |
|
process has really paid off. Statements like ``This problem was fixed |
|
in OpenBSD about 6 months ago'' have become commonplace in security |
|
forums like BUGTRAQ. |
|
|
<p> |
<p> |
The auditing process is not over yet, and as you can see we continue |
The auditing process is not over yet, and as you can see we continue |