Date: Fri, 14 Jul 2000 14:58:22 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: security@freebsd.org
Subject: Re: Displacement of Blame[tm]
Message-ID: <Pine.GSO.3.96.1000714143843.5945A-100000@roble2.roble.com>

On Thu, 13 Jul 2000, Brett Glass wrote:
> At the very least, we should make sure
> that people who try to count bugs automatically by monitoring Bugtraq
> posts do not attribute bugs in ported software to FreeBSD.

Brett's made an excellent point. It's important to keep in mind that people evaluating operating system security are, by definition, not familiar with that operating system. Usually they are managers and other marginally technical types, not the gurus who read this list (assuming they could find it).

Even to the technically semi-literate it is still difficult to distinguish port vulnerabilities from OS vulnerabilities. The FreeBSD moniker is too prominently displayed at the top of each advisory for that. This much is clear from the non-techies I've spoken with.

Perhaps what we need are "BSD Port" advisories instead of "FreeBSD" advisories?

Shoot the messenger(s) if you wish, but be prepared for the results (i.e., declining customer base).

Then again, given the lack of civility displayed in this thread, maybe the OS does have some real weaknesses...

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message