Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Wed, 1 Oct 2014 07:15:56 -0400
From: Jason Cooper <>
Subject: Re: Healing the bash fork

On Wed, Oct 01, 2014 at 01:08:09PM +0200, Hanno Böck wrote:
> On Tue, 30 Sep 2014 19:19:55 -0400 (EDT),
> "David A. Wheeler" <> wrote:
> > Finally: *PLEASE* let me know if you have any good ideas on how to
> > find vulnerabilities like this ahead-of-time. My article "How to
> > Prevent the Next
> > Heartbleed" ( lists a
> > number of ways that Heartbleed-like vulnerabilities could have been
> > detected ahead-of-time, in ways that are general enough to be
> > useful.  I'd like to do the same with Shellshock, so we can quickly
> > eliminate a whole class of problems.
> The "class of problems" here is imho that we have a bunch of tools that
> get rare attention from anyone, are run by few volunteers, but they're
> an essential part in running the Internet.
> Just think about busybox, curl, wget, coreutils, gettext, gzip, ... - a
> vuln in any of these could have severe consequences.
> Maybe the topic here should be: "How can we get the (whitehat) IT
> security community to have a deeper look at neglected but important
> opensource projects."

The LF has the Core Infrastructure Initiative:
