Date: Tue, 7 Oct 2014 13:31:09 +0400
From: Loganaden Velvindron <loganaden@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Thoughts on Shellshock and beyond

On Tue, Oct 7, 2014 at 1:11 PM, Hanno Böck <hanno@...eck.de> wrote:
> Hi,
>
> Yesterday I wrote down some thoughts on Shellshock, Heartbleed and the
> whole issue of free software security:
> https://blog.hboeck.de/archives/857-How-to-stop-Bleeding-Hearts-and-Shocking-Shells.html
>
> Basically my key point is: These events caused interest in the sec
> community and people had a look - and found further issues.
>
> My question would be: Can we get that attention somehow *before* an
> event like shellshock happens? We probably all could name products that
> could have sec bugs with similar severity.
>
> I outlined a vague idea: Would it work if we'd say we make a "sec
> people, please have a look at software XY"-day? Would people do that?
>
> Heartbleed and Shellshock give me the feeling that there probably are,
> right now, security bugs with similar severity active on our systems.
> Let's have a discussion how we can find them.
>

OpenBSD has been pretty successful at building a secure Operating
System. I think that their approach works pretty well. By looking at
what they are doing, this might give insight on how to increase
interest in doing code audits in other Open Source projects.



> cu,
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno@...eck.de
> GPG: BBB51E42



-- 
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
