[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 26 Nov 2014 12:34:15 -0500 (EST)
From: "David A. Wheeler" <dwheeler@...eeler.com>
To: "oss-security" <oss-security@...ts.openwall.com>
Subject: Apple goto fail - lessons that should be learned
I recently looked at Apple's "goto fail" vulnerability
revealed back in February this year, to see what could or should have
been done to find the vulnerability BEFORE the code was released to users.
You can see the result here:
http://www.dwheeler.com/essays/apple-goto-fail.html
As always, if there are additional measures, let me know.
I've previously done this exercise with:
* Heartbleed: http://www.dwheeler.com/essays/heartbleed.html
* Shellshock: http://www.dwheeler.com/essays/shellshock.html
* POODLE: http://www.dwheeler.com/essays/poodle-sslv3.html
My hope is that everyone involved in software development and/or
security analysis will get better at countering or detecting
vulnerabilities *before* they get out to users. Learning from the past
seems like a way to help get there.
--- David A. Wheeler
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
