=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- www/security.html 1998/02/24 19:47:15 1.34 +++ www/security.html 1998/02/24 21:15:26 1.35 @@ -61,16 +61,29 @@ programming errors in code and then only months later discovered that the problems were in fact exploitable. In other cases we have been saved from full exploitability of complex step-by-step attacks because -we had fixed one of the steps. An example of where we did this is the +we had fixed one of the steps. An example of where we managed such a +success is the -lpd advisory from -Secure Networks.

+lpd advisory from Secure Networks.

-This proactive auditing -process has really paid off. Statements like ``This problem was fixed -in OpenBSD about 6 months ago'' have become commonplace in security -forums like BUGTRAQ.

+This proactive auditing process has really paid off. Statements like +``This problem was fixed in OpenBSD about 6 months ago'' have become +commonplace in security forums like BUGTRAQ.

+Most of our security auditing happened immediately before the OpenBSD +2.0 release and during the 2.0->2.1 transition. Thousands of security +issues were fixed rapidly over almost a year, like the standard buffer +overflows, protocol implementation weaknesses, and filesystem races. +In the time since then, the types of security problems we find and fix +have tended to be more obscure or complicated. Still we will persist +for a number of reasons: +

+ The auditing process is not over yet, and as you can see we continue to find and fix new security flaws.

@@ -152,7 +165,7 @@ OpenBSD www@openbsd.org
-$OpenBSD: security.html,v 1.34 1998/02/24 19:47:15 deraadt Exp $ +$OpenBSD: security.html,v 1.35 1998/02/24 21:15:26 deraadt Exp $
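
Review bot: In the @@ -61,16 +61,29 @@ hunk, the added paragraph asserts "Thousands of security issues were fixed rapidly over almost a year" without giving the reader anything to check it against. Consider pointing to the commit logs or the advisories already referenced on this page, or wording the count less absolutely. In the same paragraph, "Still we will persist for a number of reasons:" announces several reasons, but in the lines visible here only "The auditing process is not over yet, ..." follows it, so either the list should be shown in full or the lead-in reworded to match. Minor wording: "An example of where we managed such a success is the" is heavier than the line it replaces, and "Still" needs a comma after it.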