Date: Thu, 13 Jul 2000 23:52:12 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Brett Glass <brett@lariat.org>
Cc: Jan Koum <jkb@ethereal.net>, security@FreeBSD.ORG, Warner Losh <imp@village.org>, Kris Kennaway <kris@FreeBSD.ORG>
Subject: Re: Displacement of Blame[tm]
Message-ID: <Pine.NEB.3.96L.1000713234733.78016B-100000@fledge.watson.org>
In-Reply-To: <4.3.2.7.2.20000713191253.04ba03e0@localhost>

On Thu, 13 Jul 2000, Brett Glass wrote:

> Let's be fair. They're not idiots, and I think we can help them (and
> ourselves) at least a little. At the very least, we should make sure
> that people who try to count bugs automatically by monitoring Bugtraq
> posts do not attribute bugs in ported software to FreeBSD.

Brett,

When the figures came out, a number of members of the FreeBSD development team contacted the folks at Security Focus and met with a very positive and understanding response. One thing that will make a difference in the accounting of security advisory rate is our recent subject change, making it easy for the gatherers of statistics to distinguish the types of advisories.

I think you can rest assured that we maintain a positive working relationship with Security Focus and endeavour to provide accurate reports to them of security issues in FreeBSD, as well as help them maintain their high level of accuracy in their reporting of security issues and incidents.

One aspect of security education for our users needs to be learning to distinguish "lots of advisories" from "lots of holes". If your customers are in doubt, explain to them that these holes exist in many if not all of the other free operating systems. Just as we have educated our users about the benefits of open source, we can help them understand the admittedly complex technical and social issues associated with computer security. Yes, there may be an up-front reaction against "tell everyone about the security problems of the world," but maybe that reaction is a lot like the, "open source software is unreliable and unsupported."

Robert N M Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services