version 1.196, 2002/03/07 19:25:37 |
version 1.197, 2002/03/07 21:47:48 |
|
|
have fixed many simple and obvious careless programming errors in code |
have fixed many simple and obvious careless programming errors in code |
and only months later discovered that the problems were in fact |
and only months later discovered that the problems were in fact |
exploitable. (Or, more likely someone on |
exploitable. (Or, more likely someone on |
<a href=http://www.securityfocus.com/bugtraq/archive>BUGTRAQ</a> |
<a href="http://online.securityfocus.com/archive/1">BUGTRAQ</a> |
would report that other operating systems were vulnerable to a `newly |
would report that other operating systems were vulnerable to a `newly |
discovered problem', and then it would be discovered that OpenBSD had |
discovered problem', and then it would be discovered that OpenBSD had |
been fixed in a previous release). In other cases we have been saved |
been fixed in a previous release). In other cases we have been saved |
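Review bot: the new BUGTRAQ href in this paragraph, `http://online.securityfocus.com/archive/1`, identifies the list only by a numeric id, where the old `/bugtraq/archive` path named it. Confirm that the new target resolves to the BUGTRAQ archive and say in the commit log that the archive moved, so the reason for the change is recoverable later. Quoting the attribute value is a welcome cleanup.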
|
|
Our proactive auditing process has really paid off. Statements like |
Our proactive auditing process has really paid off. Statements like |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
commonplace in security forums like |
commonplace in security forums like |
<a href=http://www.securityfocus.com/bugtraq/archive>BUGTRAQ</a>.<p> |
<a href="http://online.securityfocus.com/archive/1">BUGTRAQ</a>.<p> |
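Review bot: this second BUGTRAQ anchor repeats the same hardcoded URL as the earlier paragraph, so the page now carries two copies that must be edited in lockstep whenever the archive moves. It would help to check the rest of the file for any remaining `www.securityfocus.com/bugtraq/archive` references in this same commit. The link is also plain `http://`; if the host offers the archive over HTTPS, prefer that for a link readers follow from a security page.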
|
|
The most intense part of our security auditing happened immediately |
The most intense part of our security auditing happened immediately |
before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |
before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |