[Gloucs] February's Presentation - this Tuesday

William Roe gloucs at mailman.lug.org.uk
Mon Feb 24 20:07:01 2003


On Monday, Feb 24, 2003, at 19:03 Europe/London, Guy Edwards wrote:

> On Mon, 2003-02-24 at 18:50, Mark wrote:
>>
>>> What about OpenBSD, they audit their code for security bugs regularly,
>>> so they fix them before they become a problem. They call this
>>> 'proactive'
>>
>> I'd love to not chuckle there Will, but if I had anywhere near the
>> authority to release the BSD kernel code vulns then I would bring them
>> tomorrow; however, that's a matter for the PHC to release... look out for
>> it in the next 6 months, along with a number of other turns at ring-0
>> exploits.
>
> (For people that don't have enough time to google
> PHC = Phrack High Council
> ring-0 = full access to the computer's resources)
>
> Aren't there always undisclosed vulnerabilities waiting to be patched
> and announced though? I seem to remember all the Linux Vendors getting
> very upset when Red Hat accidentally released a patch early that was
> supposed to be kept quiet in co-operation with all the other
> distribution vendors for a set release date.

Seems I would side with Red Hat there as opposed to keeping things
quiet and letting people use insecure software. Grrr!

>
> Also, I thought the OpenBSD guys were the ones that did a massive (long
> term) code freeze just to look for and fix potential security
> vulnerabilities and ended up with one of the most secure lumps of code
> there is?

They do it regularly as I referred to. I cannot seriously believe that
Linux is more secure than, well, any BSD (I don't count OS X there, *cough*)

Will
>
> Guy