"I talked to the CTO of the Linux Foundation to understand the process they have in place to ensure that Tizen OS is safe to use" http://www.infoworld.com/article/3187840/linux/can-you-trust-linux-based-tizen-os.html
On Wed, Apr 5, 2017 at 2:44 AM, Carsten Haitzler <[email protected]> wrote: > On Tue, 4 Apr 2017 15:06:45 +0000 "Schaufler, Casey" > <[email protected]> said: > > > I read the article. The author seems to be basing his claim on finding 40 > > instances of strcpy() in the code. This hardly qualifies as a > sophisticated > > analysis. > > also there are scant details if any. no pointing to specific lines of > code. we > have zero idea of what they found and they haven't shared with us. i have > no > idea who they contacted or what email address but it seems no one on the > tizen > platform team has much idea beyond just a single function in 1 place with 1 > issue (i am not sure if it's exploitable but it certainly could cause a > crash). > > > From: General [mailto:[email protected]] On Behalf Of > Olivier > > Nyssen Sent: Tuesday, April 04, 2017 12:19 AM > > To: Tizen General Mailing List <[email protected]> > > Subject: [Tizen General] Security > > > > Hello, > > > > An interesting article about Tizen: > > "It may be the worst code I've ever seen," he told Motherboard in > advance of > > a talk about his research that he is scheduled to deliver at Kaspersky > Lab's > > Security Analyst Summit<https://sas.kaspersky.com/> on the island of St. > > Maarten on Monday. "Everything you can do wrong there, they do it. You > can > > see that nobody with any understanding of security looked at this code or > > wrote it. It's like taking an undergraduate and letting him program your > > software." > > https://motherboard.vice.com/en_us/article/samsung-tizen- > operating-system-bugs-vulnerabilities > > > > Regards, > > Olivier > > > -- > Carsten Haitzler (The Rasterman) <[email protected]> >
_______________________________________________ General mailing list [email protected] https://lists.tizen.org/listinfo/general
