Bugtraq mailing list archives

Re: [HERT] Advisory #002 Buffer overflow in lsof


From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Thu, 18 Feb 1999 17:11:41 -0700


> People who publish bugs/exploits that are not being actively exploited
> *before* giving the vendor a chance to fix the flaws are clearly
> grandstanding.  They're part of the problem -- not the solution.

No.  The problem is badly written code.

It takes me about 2 minutes to find bugs in security related software.

I am assuming that I'm not the only person looking for these kinds of
bugs.

The REAL problem is software package maintainers who do not proactively
audit their software.


