=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v retrieving revision 1.21 retrieving revision 1.22 diff -c -r1.21 -r1.22 *** www/security.html 1998/02/21 15:49:58 1.21 --- www/security.html 1998/02/21 22:25:36 1.22 *************** *** 16,31 ****
- Like most readers of the BUGTRAQ mailing list, --- 16,31 ----
Like most readers of the BUGTRAQ mailing list, *************** *** 34,43 **** experience shows that coding and release of proper security fixes typically requires about an hour of work resulting in very fast fix turnaround. Thus we think that full disclosure helps the people who ! really care about security. -
- Our security auditing team typically has between six and twelve members, and most of us continually search for and fix new security holes. We have been auditing since the summer of 1997. The process we --- 34,41 ---- experience shows that coding and release of proper security fixes typically requires about an hour of work resulting in very fast fix turnaround. Thus we think that full disclosure helps the people who ! really care about security.
Our security auditing team typically has between six and twelve members, and most of us continually search for and fix new security holes. We have been auditing since the summer of 1997. The process we *************** *** 46,54 **** just about every area of the system. Entire new classes of security problems were found while we were doing the audit, and in many cases source code which had been audited earlier had to be re-audited with ! these new flaws in mind. -
Another facet of our security auditing process is it's proactiveness. In almost all cases we have found that the determination of exploitability is not an issue. During our auditing process we find --- 44,51 ---- just about every area of the system. Entire new classes of security problems were found while we were doing the audit, and in many cases source code which had been audited earlier had to be re-audited with ! these new flaws in mind.
Another facet of our security auditing process is it's proactiveness. In almost all cases we have found that the determination of exploitability is not an issue. During our auditing process we find *************** *** 137,143 ****