[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Server Compromise -- A Fire Drill ??



On Thursday 04 December 2003 17:43, Tom wrote:
> On Thu, Dec 04, 2003 at 10:15:12AM -0600, John Hasler wrote:
> > ...  That's why the kernel
> > developers thought it was just an ordinary bug: they could see no way
> > to exploit it.
>
> That statement is somewhat disconcerting.  The hypothesis is that many
> eyes detect secure bugs, and here is clear case evidence contradicting
> that hypothesis.

<nitpicking>
Actually, the hypothesis is that many eyes detect severe bugs more likely. 
So one severe bug going undetected (or in this case underestimated) 
doesn't disprove the hypothesis. 
</nitpicking>

>
> One must assume there are more bugs in this class.

Definitely. Like in every big software-project one must assume there are 
(severe) bugs going undetected. 

-- 
"More than machinery we need humanity" -- Charlie Chaplin, The Great 
Dictator

Attachment: pgp3zH3wnQFGJ.pgp
Description: signature


Reply to: