version 1.35, 1998/02/24 21:15:26 |
version 1.36, 1998/02/24 21:19:05 |
|
|
href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
|
|
Most of our security auditing happened immediately before the OpenBSD |
Most of our security auditing happened immediately before the OpenBSD |
2.0 release and during the 2.0->2.1 transition. Thousands of security |
2.0 release and during the 2.0->2.1 transition, over the last third of |
issues were fixed rapidly over almost a year, like the standard buffer |
1996 and first half of 1997. Thousands (Yes, that is thousands) of |
overflows, protocol implementation weaknesses, and filesystem races. |
security issues were fixed rapidly over the year long period; bugs |
In the time since then, the types of security problems we find and fix |
like the standard buffer overflows, protocol implementation |
have tended to be more obscure or complicated. Still we will persist |
weaknesses, information gathering, and filesystem races. More |
for a number of reasons: |
recently the security problems we find and fix tend to be more obscure |
|
or complicated. Still we will persist for a number of reasons: |
|
|
<ul> |
<ul> |
<li>Occasionally we find a simple one we missed before. |
<li>Occasionally we find a simple one we missed before. |
<li>Security is like an arms race; the best attackers will continue |
<li>Security is like an arms race; the best attackers will continue |