[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Server Compromise -- A Fire Drill ??

On Thursday 04 December 2003 17:43, Tom wrote:
> On Thu, Dec 04, 2003 at 10:15:12AM -0600, John Hasler wrote:
> > ...  That's why the kernel
> > developers thought it was just an ordinary bug: they could see no way
> > to exploit it.
> That statement is somewhat disconcerting.  The hypothesis is that many
> eyes detect secure bugs, and here is clear case evidence contradicting
> that hypothesis.

Actually, the hypothesis is that many eyes detect severe bugs more likely. 
So one severe bug going undetected (or in this case underestimated) 
doesn't disprove the hypothesis. 

> One must assume there are more bugs in this class.

Definitely. Like in every big software-project one must assume there are 
(severe) bugs going undetected. 

"More than machinery we need humanity" -- Charlie Chaplin, The Great 

Attachment: pgp3zH3wnQFGJ.pgp
Description: signature

Reply to: