Date: Wed, 26 Nov 2014 12:34:15 -0500 (EST) From: "David A. Wheeler" <dwheeler@...eeler.com> To: "oss-security" <oss-security@...ts.openwall.com> Subject: Apple goto fail - lessons that should be learned I recently looked at Apple's "goto fail" vulnerability revealed back in February this year, to see what could or should have been done to find the vulnerability BEFORE the code was released to users. You can see the result here: http://www.dwheeler.com/essays/apple-goto-fail.html As always, if there are additional measures, let me know. I've previously done this exercise with: * Heartbleed: http://www.dwheeler.com/essays/heartbleed.html * Shellshock: http://www.dwheeler.com/essays/shellshock.html * POODLE: http://www.dwheeler.com/essays/poodle-sslv3.html My hope is that everyone involved in software development and/or security analysis will get better at countering or detecting vulnerabilities *before* they get out to users. Learning from the past seems like a way to help get there. --- David A. Wheeler
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.