Subject: Re: BitchX /ignore bug
From: Christofer C. Bell (cbellJAYHAWKS.NET)
Date: Sat Jul 08 2000 - 14:16:53 CDT


On Sat, 8 Jul 2000, Bluefish wrote:

> To fix bugs in operating systems and other software commonly analyzed
> by "the security community" is important, but there are tons of other
> programs out there which will end up containing bugs if left to people
> with little knowledge of security write them.

This is a very good point; it's much easier to analyze software when you
can clear box test it, beat on the program and read the source than when
you have to black box it and simply beat on the software and see what
happens.

This is a downfall of proprietary software, that only a small segment of
the population has access to the source code to audit things like this,
and the developers who are under pressure from release schedules don't
have time to do this auditing.

Since not all software can be Open Source, it's absolutely necessary that
software development houses audit their code effectively. I'm just not
sure that can happen to the degree necessary.

--
Chris