version 1.93, 1999/04/18 02:34:01 |
version 1.94, 1999/04/20 08:23:32 |
|
|
in mind. Code often gets audited multiple times, and by multiple |
in mind. Code often gets audited multiple times, and by multiple |
people with different auditing skills.<p> |
people with different auditing skills.<p> |
|
|
Some members of our security auditing team work for |
Some members of our security auditing team worked for Secure Networks, |
<a href=http://www.secnet.com>Secure Networks</a>, the company that |
the company that made the industry's premier network security scanning |
makes the industry's premier network security scanning software |
software package Ballista (Secure Networks got purchased by Network |
package Ballista. |
Associates, Ballista got renamed to Cybercop Scanner, and well...) |
This company does a lot of security research, and this fits in well |
That company did a lot of security research, and thus fit in well |
with the OpenBSD stance. OpenBSD passes Ballista's tests with flying |
with the OpenBSD stance. OpenBSD passes Ballista's tests with flying |
colours.<p> |
colours.<p> |
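Review bot: The new parenthetical in the Secure Networks paragraph ends in "and well...)", which tells the reader nothing concrete. Either say what happened to the product or close the parenthetical at "Cybercop Scanner". The next sentence also still reads "OpenBSD passes Ballista's tests with flying colours" in the present tense, although the rest of the paragraph was moved to the past tense and now says Ballista was renamed. Bring that sentence's tense and product name in line with the new wording.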
|
|
|
|
been fixed in a previous release). In other cases we have been saved |
been fixed in a previous release). In other cases we have been saved |
from full exploitability of complex step-by-step attacks because we |
from full exploitability of complex step-by-step attacks because we |
had fixed one of the intermediate steps. An example of where we |
had fixed one of the intermediate steps. An example of where we |
managed such a success is the |
managed such a success is the lpd advisory that Secure Networks put out. |
<a href=http://www.secnet.com/sni-advisories/sni-19.bsd.lpd.advisory.html> |
<p> |
lpd advisory from Secure Networks.</a><p> |
|
|
|
Our proactive auditing process has really paid off. Statements like |
Our proactive auditing process has really paid off. Statements like |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
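Review bot: The new wording "the lpd advisory that Secure Networks put out" drops the link to sni-19.bsd.lpd.advisory.html and leaves no other identifier, so a reader can no longer tell which advisory is meant. If the secnet.com URL has to go, keep the advisory's name or number in the sentence, or point to a copy hosted elsewhere.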
|
|
|
|
<p> |
<p> |
<h3><font color=#e00000><strong>Other Resources</strong></font></h3> |
<h3><font color=#e00000><strong>Other Resources</strong></font></h3> |
Other security advisories that have (in the past) affected OpenBSD can |
|
be found at the <a href=http://www.secnet.com/nav1.html>Secure Networks archive</a>. |
|
Some OpenBSD audit team members worked with Secure Networks on discovering |
|
and solving the problems detailed in some of their security advisories. |
|
|
|
<p> If you find a new security problem, you can mail it to |
<p> If you find a new security problem, you can mail it to |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
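Review bot: The paragraph under "Other Resources" is removed but the h3 heading is kept, so in 1.94 the heading is followed only by the "If you find a new security problem" contact paragraph. Rename the heading to match what remains (how to report a problem), or remove it along with the paragraph.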