| version 1.101, 1999/08/13 12:31:11 |
version 1.102, 1999/08/19 06:57:33 |
|
|
| fixing security problems.<p> |
fixing security problems.<p> |
| |
|
| Like many readers of the |
Like many readers of the |
| <a href=http://www.geek-girl.com/bugtraq/index.html> |
<a href=http://www.securityfocus.com/bugtraq/archive> |
| BUGTRAQ mailing list</a>, |
BUGTRAQ mailing list</a>, |
| we believe in full disclosure of security problems. Security |
we believe in full disclosure of security problems. Security |
| information moves very fast in cracker circles. On the other hand, |
information moves very fast in cracker circles. On the other hand, |
|
|
| have fixed many simple and obvious careless programming errors in code |
have fixed many simple and obvious careless programming errors in code |
| and only months later discovered that the problems were in fact |
and only months later discovered that the problems were in fact |
| exploitable. (Or, more likely someone on |
exploitable. (Or, more likely someone on |
| <a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a> |
<a href=http://www.securityfocus.com/bugtraq/archive>BUGTRAQ</a> |
| would report that other operating systems were vulnerable to a `newly |
would report that other operating systems were vulnerable to a `newly |
| discovered problem', and then it would be discovered that OpenBSD had |
discovered problem', and then it would be discovered that OpenBSD had |
| been fixed in a previous release). In other cases we have been saved |
been fixed in a previous release). In other cases we have been saved |
|
|
| Our proactive auditing process has really paid off. Statements like |
Our proactive auditing process has really paid off. Statements like |
| ``This problem was fixed in OpenBSD about 6 months ago'' have become |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
| commonplace in security forums like |
commonplace in security forums like |
| <a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
<a href=http://www.securityfocus.com/bugtraq/archive>BUGTRAQ</a>.<p> |
| |
|
| The most intense part of our security auditing happened immediately |
The most intense part of our security auditing happened immediately |
| before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |
before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www