oss-sec mailing list archives
Apple goto fail - lessons that should be learned
From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Wed, 26 Nov 2014 12:34:15 -0500 (EST)
I recently looked at Apple's "goto fail" vulnerability revealed back in February this year, to see what could or should have been done to find the vulnerability BEFORE the code was released to users. You can see the result here:

http://www.dwheeler.com/essays/apple-goto-fail.html

As always, if there are additional measures, let me know.

I've previously done this exercise with:
* Heartbleed: http://www.dwheeler.com/essays/heartbleed.html
* Shellshock: http://www.dwheeler.com/essays/shellshock.html
* POODLE: http://www.dwheeler.com/essays/poodle-sslv3.html

My hope is that everyone involved in software development and/or security analysis will get better at countering or detecting vulnerabilities *before* they get out to users. Learning from the past seems like a way to help get there.

--- David A. Wheeler