Vulnerability Development mailing list archives

Re: BitchX /ignore bug


From: cbell () JAYHAWKS NET (Christofer C. Bell)
Date: Sat, 8 Jul 2000 14:16:53 -0500


On Sat, 8 Jul 2000, Bluefish wrote:

To fix bugs in operating systems and other software commonly analyzed
by "the security community" is important, but there are tons of other
programs out there which will end up containing bugs if left to people
with little knowledge of security to write them.

This is a very good point: it's much easier to analyze software when you
can clear-box test it, beat on the program and read the source than when
you have to black-box it and simply beat on the software and see what
happens.

This is a downfall of proprietary software: only a small segment of
the population has access to the source code to audit things like this,
and the developers, who are under pressure from release schedules, don't
have time to do this auditing.

Since not all software can be Open Source, it's absolutely necessary that
software development houses audit their code effectively.  I'm just not
sure that can happen to the degree necessary.

--
Chris

