From owner-freebsd-security Thu Mar 11 21:16:16 1999 Delivered-To: freebsd-security@freebsd.org Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id D94F614F8C for ; Thu, 11 Mar 1999 21:16:14 -0800 (PST) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id VAA90743; Thu, 11 Mar 1999 21:15:18 -0800 (PST) From: Archie Cobbs Message-Id: <199903120515.VAA90743@bubba.whistle.com> Subject: Re: disapointing security architecture In-Reply-To: <199903120052.NAA09299@aniwa.sky> from Andrew McNaughton at "Mar 12, 99 01:52:21 pm" To: andrew@squiz.co.nz (Andrew McNaughton) Date: Thu, 11 Mar 1999 21:15:18 -0800 (PST) Cc: freebsd-security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Andrew McNaughton writes: > > I'm also interested. However, if I recall correctly, the problem last time > > was that nobody actually sat down and did the work. There were plenty of > > ideas, but when it came to the crunch, nobody wanted to put in the effort. > > > > Nick > > As I recall, discussion turned to concerns over who was qualified to do the work, which seemed rather silly. No security auditing project is going to be complete. No auditor is going to be perfect. Every bit counts. Here's an idea.. FreeBSD could pay for a 3rd party security audit of a stock FreeBSD system. Peter Shipley did this for Whistle and the InterJet (a "black box" approach). No problems were found but it was good to know that :-) -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message