oss-sec mailing list archives

Thoughts on Shellshock and beyond


From: Hanno Böck <hanno () hboeck de>
Date: Tue, 7 Oct 2014 11:11:17 +0200

Hi,

Yesterday I wrote down some thoughts on Shellshock, Heartbleed and the
whole issue of free software security:
https://blog.hboeck.de/archives/857-How-to-stop-Bleeding-Hearts-and-Shocking-Shells.html

Basically my key point is: These events caused interest in the sec
community and people had a look - and found further issues.

My question would be: Can we get that attention somehow *before* an
event like Shellshock happens? We probably all could name products that
could have sec bugs with similar severity.

I outlined a vague idea: Would it work if we'd say we make a "sec
people, please have a look at software XY"-day? Would people do that?

Heartbleed and Shellshock give me the feeling that there probably are,
right now, security bugs with similar severity active on our systems.
Let's have a discussion how we can find them.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
