Dailydave mailing list archives
Re: Anonymized posting
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 09 Jun 2004 16:22:49 -0500
On Wed, 2004-06-09 at 16:04, Dave Aitel wrote:
> [...] The question now is - is CVS safe to use? [...] If you're killing bugs as a legitimate effort to make something secure, you need to realize that unless you can stand behind your releases and say that "this software is now secure" you aren't doing anything.
Aw, come on Dave. Be serious now. People find bugs in certain areas of code and correct them. Can they attest that the rest of the code is secure? Of course not! Neither can you or any other developer, not even Microsoft. They can say "it is safe as far as they can tell" but that is it. I mean, even if e-Matters or whoever does a complete source code review of CVS, they can only say it's safe as far as they know. It doesn't mean that other folks might not find bugs anymore when they look at it. Of course they might find some because they look at code differently, or just stumble upon something that was simply overlooked. Making it sound like they are a complete waste of Internet resources and scum of the earth is hardly the proper way to encourage code review, don't you think?

That said, I do share your frustration with advisory pimps that want to keep the mystique of Internet security alive, donning the cape of a superhero shrouded in a veil of supreme half-knowledge.

Perhaps I should write my own advisory now listing the bugs e-Matters and the other folks found. Come to think of it, perhaps I should rewrite every advisory that crosses the list... :)

Cheers,
Frank