oss-sec mailing list archives
Thoughts on Shellshock and beyond
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 7 Oct 2014 11:11:17 +0200
Hi,

Yesterday I wrote down some thoughts on Shellshock, Heartbleed and the whole issue of free software security:
https://blog.hboeck.de/archives/857-How-to-stop-Bleeding-Hearts-and-Shocking-Shells.html

Basically my key point is: These events caused interest in the sec community and people had a look - and found further issues. My question would be: Can we get that attention somehow *before* an event like shellshock happens? We probably all could name products that could have sec bugs with similar severity.

I outlined a vague idea: Would it work if we'd say we make a "sec people, please have a look at software XY"-day? Would people do that?

Heartbleed and Shellshock give me the feeling that there probably are, right now, security bugs with similar severity active on our systems. Let's have a discussion how we can find them.

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
Current thread:
- Thoughts on Shellshock and beyond Hanno Böck (Oct 07)
- Re: Thoughts on Shellshock and beyond Loganaden Velvindron (Oct 07)
- Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 07)
- Re: Thoughts on Shellshock and beyond Hanno Böck (Oct 07)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 07)
- Re: Thoughts on Shellshock and beyond Loganaden Velvindron (Oct 07)
- Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 07)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 07)
- Re: Thoughts on Shellshock and beyond Tim (Oct 07)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 07)
- Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 07)
- Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 07)