| version 1.15, 1998/02/19 22:37:51 |
version 1.16, 1998/02/19 22:41:42 |
|
|
| these new flaws in mind. |
these new flaws in mind. |
| |
|
| <p> |
<p> |
| Our security auditing proces is a proactive one. In almost all cases |
Another facet of our security auditing process is it's proactiveness. |
| we have found that exploitability is not an issue. We have fixed many |
In almost all cases we have found that the determination of |
| simple and obvious careless programming errors in code and then only |
exploitability is not an issue. During our auditing process we find |
| months later discovered that the problems were in fact exploitable. |
many bugs, and endeavor to simply fix them even though exploitability |
| The proactive auditing process has really paid off. Statements like |
is not proven. We have fixed many simple and obvious careless |
| ``This problem was fixed in OpenBSD about 6 months ago'' have become |
programming errors in code and then only months later discovered that |
| commonplace in security forums like BUGTRAQ. |
the problems were in fact exploitable. This proactive auditing |
| |
process has really paid off. Statements like ``This problem was fixed |
| |
in OpenBSD about 6 months ago'' have become commonplace in security |
| |
forums like BUGTRAQ. |
| |
|
| <p> |
<p> |
| The auditing process is not over yet, and as you can see we continue |
The auditing process is not over yet, and as you can see we continue |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www