Date: Tue, 25 Jun 2002 16:59:04 +1000
From: Tony Landells <ahl@austclear.com.au>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: ahl@austclear.com.au (Tony Landells), freebsd-security@FreeBSD.ORG
Subject: Re: Hogwash
Message-ID: <200206250659.QAA09566@tungsten.austclear.com.au>
In-Reply-To: Message from Darren Reed <avalon@coombs.anu.edu.au> of "Tue, 25 Jun 2002 16:25:18 +1000." <200206250625.QAA01010@caligula.anu.edu.au>

avalon@coombs.anu.edu.au said:
> This *is* what they claim to do.

Just because it's what they claim it doesn't mean you have to believe them.

> Personally, I think their claims are unrealistic and all the hype
> about "software audit" is just that - hype. If the OpenSSH team are
> working with ISS on a fix then it seems to me that ISS found this
> problem, not the OpenSSH team. Why did the audit by the OpenSSH team
> miss this problem ? Isn't this what their code audits are meant to
> find - security bugs ? What benefit are we *really* getting from
> their "code audits" ?

One would have thought that was a reasonable goal in performing an audit on a security product. However, if the exploit is based on semantic rather than syntactic errors, then it may have snuck through the audit.

As a legal friend of mine says when someone asks for free advice "this will be worth exactly what you pay for it..." I apply the same grain of salt to free software. I had the option of performing my own code audit on OpenSSH. I chose not to.

I understand that a lot of people are unhappy at the state of play. Here's a perfect opportunity to choose a different path. Show your displeasure by not using the software.

Tony
--
Tony Landells <ahl@austclear.com.au>
Senior Network Engineer                 Ph: +61 3 9677 9319
Australian Clearing Services Pty Ltd    Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message