=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v retrieving revision 1.28 retrieving revision 1.29 diff -c -r1.28 -r1.29 *** www/security.html 1998/02/24 00:30:49 1.28 --- www/security.html 1998/02/24 00:53:56 1.29 *************** *** 52,58 **** many bugs, and endeavor to simply fix them even though exploitability is not proven. We have fixed many simple and obvious careless programming errors in code and then only months later discovered that ! the problems were in fact exploitable. This proactive auditing process has really paid off. Statements like ``This problem was fixed in OpenBSD about 6 months ago'' have become commonplace in security forums like BUGTRAQ.
--- 52,65 ---- many bugs, and endeavor to simply fix them even though exploitability is not proven. We have fixed many simple and obvious careless programming errors in code and then only months later discovered that ! the problems were in fact exploitable. In other cases we have been ! saved from full exploitability of complex step-by-step attacks because ! we had fixed one of the steps. An example of where we did this is the ! ! lpd advisory from ! Secure Networks.
! ! This proactive auditing process has really paid off. Statements like ``This problem was fixed in OpenBSD about 6 months ago'' have become commonplace in security forums like BUGTRAQ.
*************** *** 113,122 **** If a problem is proven and serious, a patch will be available here very shortly after.
--- 120,131 ---- If a problem is proven and serious, a patch will be available here very shortly after.
***************
*** 136,142 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.28 1998/02/24 00:30:49 deraadt Exp $
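Review bot: In the first hunk (new lines 52-65), the added sentence ending "because we had fixed one of the steps" does not say which step of the lpd attack had already been fixed, and "saved from full exploitability" leaves open whether OpenBSD was unaffected or only partly affected. A reader has to go to the Secure Networks advisory to find out. Suggest naming the fixed step and the remaining impact in one clause, and giving the advisory's title or date beside the reference so it can still be located if the external copy moves.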