Vulnerability Development mailing list archives
Re: BitchX /ignore bug
From: cbell () JAYHAWKS NET (Christofer C. Bell)
Date: Sat, 8 Jul 2000 14:16:53 -0500
On Sat, 8 Jul 2000, Bluefish wrote:
To fix bugs in operating systems and other software commonly analyzed by "the security community" is important, but there are tons of other programs out there which will end up containing bugs if left to people with little knowledge of security write them.
This is a very good point, it's much easier to analyize software when you can clear box test it, beat on the program and read the source then when you have to bloack box it and simply beat on the software and see what happens. This is a downfall of proprietary software, that only a small segment of the population has access to the source code to audit things like this, and the developers who are under pressure from release schedules don't have time to do this auditing. Since not all software can be Open Source, it's absolutely necessary that software development houses audit their code effectively. I'm just not sure that can happen to the degree necessary. -- Chris
Current thread:
- Re: The AOL Spyware, (continued)
- Re: The AOL Spyware Mikael Olsson (Jul 08)
- Re: The AOL Spyware info (Jul 13)
- Re: BitchX /ignore bug Bluefish (Jul 07)
- Re: BitchX /ignore bug Slawek (Jul 07)
- Re: BitchX /ignore bug Arturo Busleiman (Jul 07)
- Re: BitchX /ignore bug Crispin Cowan (Jul 07)
- Re: BitchX /ignore bug Hogenberg, Richard (Jul 07)
- Re: BitchX /ignore bug Bluefish (Jul 07)
- Re: BitchX /ignore bug Schlachter, Jake (Jul 07)
- Re: BitchX /ignore bug Bluefish (Jul 08)
- Re: BitchX /ignore bug Christofer C. Bell (Jul 08)
- Re: BitchX /ignore bug Erich Meier (Jul 11)
- Re: BitchX /ignore bug Ron DuFresne (Jul 07)
- Re: BitchX /ignore bug Juan M. Courcoul (Jul 07)
- remote exploit Jim Stickley (Jul 07)
- Re: remote exploit Bluefish (Jul 08)
- Re: remote exploit Gerardo Richarte (Jul 10)
- Re: BitchX /ignore bug Matthew S. Hallacy (Jul 06)
- Updated Default Account Database Eric Knight (Jul 06)
- Re: Updated Default Account Database Jesus D. Muz@oz Largo (Jul 12)
- Re: Updated Default Account Database Nathan Einwechter (Jul 12)