Date: Tue, 7 Oct 2014 11:11:17 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Thoughts on Shellshock and beyond

Hi,

Yesterday I wrote down some thoughts on Shellshock, Heartbleed and the
whole issue of free software security:
https://blog.hboeck.de/archives/857-How-to-stop-Bleeding-Hearts-and-Shocking-Shells.html

Basically my key point is: These events caused interest in the sec
community and people had a look - and found further issues. My question
would be: Can we get that attention somehow *before* an event like
shellshock happens? We probably all could name products that could have
sec bugs with similar severity.

I outlined a vague idea: Would it work if we'd say we make a "sec
people, please have a look at software XY"-day? Would people do that?

Heartbleed and Shellshock give me the feeling that there probably are,
right now, security bugs with similar severity active on our systems.
Let's have a discussion how we can find them.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42