On Thursday 04 December 2003 12:17 pm, Dave wrote: > On Thu, 04 Dec 2003 18:00:18 +0100, Tom <[EMAIL PROTECTED]> wrote: > >On Thu, Dec 04, 2003 at 10:15:12AM -0600, John Hasler wrote: > >> ... That's why the kernel > >> developers thought it was just an ordinary bug: they could see no way to > >> exploit it. > > > >That statement is somewhat disconcerting. The hypothesis is that many > >eyes detect secure bugs, and here is clear case evidence contradicting > >that hypothesis. > > There is no contradiction. Many eyes detect most security problems, but > not all. This is certainly better than just a few eyes with access to > proprietary code.
There is also the point that *somebody* found this bug. Just not the folks we were hoping would. ;-) Letting real crackers hammer your system is another way to find bugs, although we hope it's a last resort. -- Terry Hancock ( hancock at anansispaceworks.com ) Anansi Spaceworks http://www.anansispaceworks.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]