| version 1.93, 1999/04/18 02:34:01 |
version 1.94, 1999/04/20 08:23:32 |
|
|
| in mind. Code often gets audited multiple times, and by multiple |
in mind. Code often gets audited multiple times, and by multiple |
| people with different auditing skills.<p> |
people with different auditing skills.<p> |
| |
|
| Some members of our security auditing team work for |
Some members of our security auditing team worked for Secure Networks, |
| <a href=http://www.secnet.com>Secure Networks</a>, the company that |
the company that made the industry's premier network security scanning |
| makes the industry's premier network security scanning software |
software package Ballista (Secure Networks got purchased by Network |
| package Ballista. |
Associates, Ballista got renamed to Cybercop Scanner, and well...) |
| This company does a lot of security research, and this fits in well |
That company did a lot of security research, and thus fit in well |
| with the OpenBSD stance. OpenBSD passes Ballista's tests with flying |
with the OpenBSD stance. OpenBSD passes Ballista's tests with flying |
| colours.<p> |
colours.<p> |
| |
|
|
|
| been fixed in a previous release). In other cases we have been saved |
been fixed in a previous release). In other cases we have been saved |
| from full exploitability of complex step-by-step attacks because we |
from full exploitability of complex step-by-step attacks because we |
| had fixed one of the intermediate steps. An example of where we |
had fixed one of the intermediate steps. An example of where we |
| managed such a success is the |
managed such a success is the lpd advisory that Secure Networks put out. |
| <a href=http://www.secnet.com/sni-advisories/sni-19.bsd.lpd.advisory.html> |
<p> |
| lpd advisory from Secure Networks.</a><p> |
|
| |
|
| Our proactive auditing process has really paid off. Statements like |
Our proactive auditing process has really paid off. Statements like |
| ``This problem was fixed in OpenBSD about 6 months ago'' have become |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
|
|
| |
|
| <p> |
<p> |
| <h3><font color=#e00000><strong>Other Resources</strong></font></h3> |
<h3><font color=#e00000><strong>Other Resources</strong></font></h3> |
| Other security advisories that have (in the past) affected OpenBSD can |
|
| be found at the <a href=http://www.secnet.com/nav1.html>Secure Networks archive</a>. |
|
| Some OpenBSD audit team members worked with Secure Networks on discovering |
|
| and solving the problems detailed in some of their security advisories. |
|
| |
|
| <p> If you find a new security problem, you can mail it to |
<p> If you find a new security problem, you can mail it to |
| <a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www