On Saturday, 12 April 2014 at 18:36:19 UTC, Marco Leise wrote:
Am Fri, 11 Apr 2014 09:59:45 +0000
schrieb "Chris" <[email protected]>:
In a way it's scary how vulnerable software we rely on still
is. I cannot claim that my software is immune to attacks, but
where security is crucial, one would expect self-critical
scrutiny rather than complacency. But we're all only human.
+1. My naive assumption was that something like SSH is
implemented once and then bugs are fixed, so it can only ever
become safer. I found it astounding that this library was
totally sane only 2 years ago. One innocent commit is all it
took and it can happen again for any software, any time.
If crackers keep their eyes open they _will_ find their next
backdoor.
I don't remember if this has been already posted here in the
forum, but I think that this rant of Theo de Raadt about
heartbleed is _very_ interesting.
http://article.gmane.org/gmane.os.openbsd.misc/211963
TBW, I agree with him: it's not a matter of scrutiny or a matter
of being human, and the post clarify this very well.
