nanog mailing list archives
Re: RES: Exploits start against flaw that could hamstring huge swaths
From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Tue, 4 Aug 2015 23:21:00 +0200
Den 04/08/2015 19.18 skrev "Christopher Morrow" <morrowc.lists () gmail com>:
On Tue, Aug 4, 2015 at 12:51 PM, Baldur Norddahl <baldur.norddahl () gmail com> wrote:On 4 August 2015 at 18:48, Joe Greco <jgreco () ns sol net> wrote:However, the original point was that switching from BIND to Unbound or other options is silly, because you're just trading one codebase for another, and they all have bugs.It is equally silly to assume that all codebase are the same quality and have equally many bugs. Maybe we should be looking at the track record
of
those two products and maybe we should let someone do a code review. And then choose based on that.because: 1) historical results matter here? (who looked at which products over what period of time, with what attention to detail(s) and which sets of goals?) 2) the single person doing a code review is likely to see all of the problems in each of the products selected?
Maybe not but a code review can tell what methods are used to safe guard against security bugs, the general quality of the code, the level of automated testing etc. History can give hints to the same. If it had a lot of bugs discovered it is likely it is not good quality in a security perspective and more bugs can be expected. It is called due diligence. The aim is not to find the bugs but to evaluate the product. Regards Baldur
Current thread:
- Re: RES: Exploits start against flaw that could hamstring huge swaths of, (continued)
- Re: RES: Exploits start against flaw that could hamstring huge swaths of Barry Shein (Aug 04)
- Re: RES: Exploits start against flaw that could hamstring huge swaths of Valdis . Kletnieks (Aug 04)
- Re: Exploits start against flaw that could hamstring huge swaths of Joe Abley (Aug 04)
- Re: RES: Exploits start against flaw that could hamstring huge swaths of Randy Bush (Aug 04)
- Re: RES: Exploits start against flaw that could hamstring huge swaths of Joel Maslak (Aug 04)
- RES: RES: Exploits start against flaw that could hamstring huge swaths of Leonardo Oliveira Ortiz (Aug 06)
- Re: RES: Exploits start against flaw that could hamstring huge swaths of Jay Ashworth (Aug 04)
- Re: RES: Exploits start against flaw that could hamstring huge swaths Joe Greco (Aug 04)
- Re: RES: Exploits start against flaw that could hamstring huge swaths Baldur Norddahl (Aug 04)
- Re: RES: Exploits start against flaw that could hamstring huge swaths Christopher Morrow (Aug 04)
- Re: RES: Exploits start against flaw that could hamstring huge swaths Baldur Norddahl (Aug 04)
- Re: RES: Exploits start against flaw that could hamstring huge swaths of Valdis . Kletnieks (Aug 04)
- Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Mark Andrews (Aug 04)
- Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Damian Menscher via NANOG (Aug 04)
- Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Jared Mauch (Aug 04)
- Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Joe Abley (Aug 04)
- Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Jared Mauch (Aug 04)