Our security auditing team typically has between six and twelve ! members, and most of us continually search for and fix security holes. ! We have been auditing for approximately two years. The process we followed to increase security was simply a comprehensive file-by-file analysis of every critical software component. Flaws were found in just about every area of the system. Entire new classes of security --- 33,42 ---- available extremely quickly.
+ Our security auditing team typically has between six and twelve ! members, and most of us continually search for and fix new security ! holes. We have been auditing since the summer of 1997. The process we followed to increase security was simply a comprehensive file-by-file analysis of every critical software component. Flaws were found in just about every area of the system. Entire new classes of security *************** *** 44,49 **** --- 45,59 ---- these new flaws in mind.
+ Our security auditing proces is a proactive one. In almost all cases + we have found that exploitability is not an issue. We have fixed many + simple and obvious careless programming errors in code and then only + months later discovered that the problems were in fact exploitable. + The proactive auditing process has really paid off. Statements like + ``This problem was fixed in OpenBSD about 6 months ago'' have become + commonplace in security forums like BUGTRAQ. + +
The auditing process is not over yet, and as you can see we continue to find and fix new security flaws. *************** *** 87,93 ****