version 1.101, 1999/08/13 12:31:11 |
version 1.102, 1999/08/19 06:57:33 |
|
|
fixing security problems.<p> |
fixing security problems.<p> |
|
|
Like many readers of the |
Like many readers of the |
<a href=http://www.geek-girl.com/bugtraq/index.html> |
<a href=http://www.securityfocus.com/bugtraq/archive> |
BUGTRAQ mailing list</a>, |
BUGTRAQ mailing list</a>, |
we believe in full disclosure of security problems. Security |
we believe in full disclosure of security problems. Security |
information moves very fast in cracker circles. On the other hand, |
information moves very fast in cracker circles. On the other hand, |
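Review bot: The replacement href on the BUGTRAQ mailing list link is still unquoted, as in `<a href=http://www.securityfocus.com/bugtraq/archive>`, carried over from the line it replaces. A URL contains `/`, which HTML 4 does not permit in an unquoted attribute value, so since the line is being touched anyway, write it as href="http://www.securityfocus.com/bugtraq/archive". The same applies to the two inline BUGTRAQ links changed further down.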
|
|
have fixed many simple and obvious careless programming errors in code |
have fixed many simple and obvious careless programming errors in code |
and only months later discovered that the problems were in fact |
and only months later discovered that the problems were in fact |
exploitable. (Or, more likely someone on |
exploitable. (Or, more likely someone on |
<a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a> |
<a href=http://www.securityfocus.com/bugtraq/archive>BUGTRAQ</a> |
would report that other operating systems were vulnerable to a `newly |
would report that other operating systems were vulnerable to a `newly |
discovered problem', and then it would be discovered that OpenBSD had |
discovered problem', and then it would be discovered that OpenBSD had |
been fixed in a previous release). In other cases we have been saved |
been fixed in a previous release). In other cases we have been saved |
|
|
Our proactive auditing process has really paid off. Statements like |
Our proactive auditing process has really paid off. Statements like |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
commonplace in security forums like |
commonplace in security forums like |
<a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
<a href=http://www.securityfocus.com/bugtraq/archive>BUGTRAQ</a>.<p> |
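Review bot: This is the third hand-edited copy of the same archive URL in this revision (the mailing list link and the two inline BUGTRAQ links), so the next archive move repeats the same three edits with a chance of missing one. Before committing, search the rest of the file for any remaining geek-girl.com references, and consider linking the archive once near the top and letting the later mentions refer to it as plain text.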
|
|
The most intense part of our security auditing happened immediately |
The most intense part of our security auditing happened immediately |
before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |
before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |