version 1.17, 1998/02/19 22:44:19 |
version 1.18, 1998/02/19 22:50:12 |
|
|
approaches towards fixing security problems. |
approaches towards fixing security problems. |
|
|
<p> |
<p> |
Like most members of the |
|
|
Like most readers of the |
<a href=http://www.geek-girl.com/bugtraq/index.html> |
<a href=http://www.geek-girl.com/bugtraq/index.html> |
BUGTRAQ mailing list (which rarely sees OpenBSD security reports |
BUGTRAQ mailing list</a>, |
these days :-)</a>, |
we believe in full disclosure of security problems. We believe that |
we believe in full disclosure of security problems. We have found |
security information moves very fast in crackers circles. Our |
that the coding of proper fixes to security problems typically only |
experience shows that coding and release of proper security fixes |
requires about 4-5 minutes of coding. Thus we typically have fixes |
typically requires about an hour of work resulting in very fast fix |
available extremely quickly. |
turnaround. Thus we think that full disclosure helps the people who |
|
really care about security. |
|
|
<p> |
<p> |
|
|