
Re: Debian Server Compromise -- A Fire Drill ??



On Thursday 04 December 2003 17:43, Tom wrote:
> On Thu, Dec 04, 2003 at 10:15:12AM -0600, John Hasler wrote:
> > ...  That's why the kernel
> > developers thought it was just an ordinary bug: they could see no way
> > to exploit it.
>
> That statement is somewhat disconcerting.  The hypothesis is that many
> eyes detect secure bugs, and here is clear case evidence contradicting
> that hypothesis.

<nitpicking>
Actually, the hypothesis is that many eyes are more likely to detect severe bugs.
So one severe bug going undetected (or in this case underestimated) 
doesn't disprove the hypothesis. 
</nitpicking>

>
> One must assume there are more bugs in this class.

Definitely. As in every big software project, one must assume there are
(severe) bugs going undetected.

-- 
"More than machinery we need humanity" -- Charlie Chaplin, The Great 
Dictator
