I second that... yet we obviously need to figure out better ways to audit the code... maybe some kind of security-oriented unit-test framework? (Don't know if it exists already, and if it does, maybe it's already employed for the OpenBSD project... dunno.)
WintermeW

On 15 Dec 2010 at 20:59, p...@jabea.net wrote:

> In my own opinion, when the code hits the stable release, I doubt that
> after the code is audited at 100% unless someone adds a new feature to that
> part or a bug is found in that code part. All that due to the complexity
> to understand the code, all that energy is better invested to make new
> features and to remove existing bugs.
>
> That's why IMO for that disclosure. (to put the focus on that code part)
>
> -phil
>
>> --On December 14, 2010 8:40:14 PM -0500 b...@fbi.dhs.org wrote:
>>
>>> Hi,
>>>
>>> Has anyone read this yet?
>>>
>>> http://www.downspout.org/?q=node/3
>>>
>>> Seems IPSEC might have a back door written into it by the FBI?
>>>
>>
>> So for 10 years IPSEC has had a backdoor in it and not one person examining
>> the code has noticed it? Or even questioned it? That's a bit hard to
>> believe. It's along the same lines as the stories that Microsoft captures
>> all your packets and harvests your personal information.
>>
>> Read The Cathedral and The Bazaar.
>>
>> --
>> Paul Schmehl, Senior Infosec Analyst
>> As if it wasn't already obvious, my opinions
>> are my own and not those of my employer.
>> *******************************************
>> "It is as useless to argue with those who have
>> renounced the use of reason as to administer
>> medication to the dead." Thomas Jefferson
>> "There are some ideas so wrong that only a very
>> intelligent person could believe in them." George Orwell
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/