=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- www/security.html 1998/02/19 22:26:58 1.14 +++ www/security.html 1998/02/19 22:37:51 1.15 @@ -33,9 +33,10 @@ available extremely quickly.

+ Our security auditing team typically has between six and twelve -members, and most of us continually search for and fix security holes. -We have been auditing for approximately two years. The process we +members, and most of us continually search for and fix new security +holes. We have been auditing since the summer of 1997. The process we followed to increase security was simply a comprehensive file-by-file analysis of every critical software component. Flaws were found in just about every area of the system. Entire new classes of security @@ -44,6 +45,15 @@ these new flaws in mind.

+Our security auditing proces is a proactive one. In almost all cases +we have found that exploitability is not an issue. We have fixed many +simple and obvious careless programming errors in code and then only +months later discovered that the problems were in fact exploitable. +The proactive auditing process has really paid off. Statements like +``This problem was fixed in OpenBSD about 6 months ago'' have become +commonplace in security forums like BUGTRAQ. + +

The auditing process is not over yet, and as you can see we continue to find and fix new security flaws. @@ -87,7 +97,7 @@


This site Copyright © 1996, 1997 OpenBSD.
-$OpenBSD: security.html,v 1.14 1998/02/19 22:26:58 deraadt Exp $ +$OpenBSD: security.html,v 1.15 1998/02/19 22:37:51 deraadt Exp $
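Review bot: In the first hunk (@@ -33,9 +33,10 @@), the new sentence "We have been auditing since the summer of 1997" disagrees with the line it replaces, "We have been auditing for approximately two years". This revision is dated 1998/02/19, so the summer of 1997 is well under a year back. Please confirm which start date is correct and fix the year if the two-year figure was the accurate one. A fixed start date is the better form to keep, since it does not go stale the way a duration does.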
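Review bot: In the second hunk (@@ -44,6 +45,15 @@), "In almost all cases we have found that exploitability is not an issue" can be read as a claim that the bugs found are not exploitable, which the following sentence contradicts ("only months later discovered that the problems were in fact exploitable"). Suggest wording that states the intended point directly: flaws are fixed when found, without first establishing whether they can be exploited. The first added line of the same paragraph also has the typo "proces" for "process".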