From owner-freebsd-security  Mon Feb 10 13:15:46 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id NAA25523
          for security-outgoing; Mon, 10 Feb 1997 13:15:46 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA25518
          for <freebsd-security@freebsd.org>; Mon, 10 Feb 1997 13:15:39 -0800 (PST)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 0.56 #1)
	id E0vu34M-0005Rv-00; Mon, 10 Feb 1997 14:15:22 -0700
To: Marc Slemko <marcs@znep.com>
Subject: Re: Don't fulminate, be productive 
Cc: tqbf@enteract.com, freebsd-security@freebsd.org
In-reply-to: Your message of "Mon, 10 Feb 1997 02:24:35 MST."
		<Pine.BSF.3.95.970210021858.11077f-100000@alive.ampr.ab.ca> 
References: <Pine.BSF.3.95.970210021858.11077f-100000@alive.ampr.ab.ca>  
Date: Mon, 10 Feb 1997 14:15:22 -0700
From: Warner Losh <imp@village.org>
Message-Id: <E0vu34M-0005Rv-00@rover.village.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <Pine.BSF.3.95.970210021858.11077f-100000@alive.ampr.ab.ca> Marc Slemko writes:
: 90% of security holes are easy to find in stuff like FreeBSD right now.
: When the obvious ones get fixed, it will be more like 90% being hard to
: find.

I'd wager that about 95% of the security problems in FreeBSD could
solved by going over the OpenBSD cvs logs carefully  and applying
those patches.  Theo and co have been very careful in their audits of
their programs.

Warner