From: Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP>
Subject: [OT] OpenBSD, was: Re: OpenSSL development (Heartbleed)
Date: Sat, 19 Apr 2014 21:10:23 +0000 (UTC)
Date: 2014-04-19T21:10:23+00:00 [thread overview]
Message-ID: <liuonu$i3r$1@dont-email.me> (raw)
In-Reply-To: gfadnaRgQ9iuf8_OnZ2dnUVZ_o-dnZ2d@giganews.com
On 2014-04-19, Alan Browne <alan.browne@FreelunchVideotron.ca> wrote:
> On 2014.04.19, 16:20 , Georg Bauhaus wrote:
>> OTOH, and bringing this back to Ada, the CVE sites state quite
>> openly that most of the issues have to do with int, malloc,
>> computed pointers, and assumptions that are not reflected in all
>> of these (overflow, say).
>
> QUOTE
> Theo de Raadt, founder and leader of the OpenBSD and OpenSSH projects,
> has criticized the OpenSSL developers for writing their own memory
> management routines and thereby circumventing OpenBSD C standard library
> exploit countermeasures, saying "OpenSSL is not developed by a
> responsible team."
> ENDQUOTE
>
> Ironic that one Open team leader is criticizing another <g>
>
Not if you know what Theo is like. :-)
> But, he may be right.
>
> Would he subject his teams to a more rigorous process? To Ada?
>
Yes to the first; unknown on the second.
OpenBSD has a reputation as a reasonably secure (by Unix standards)
operating system precisely due to the auditing the OpenBSD team
carries out.
Note that this is a reputation based assessment; I don't have much
direct experience with OpenBSD.
Some reading you may find of interest:
http://www.openbsd.org/security.html
Simon.
--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
next prev parent reply other threads:[~2014-04-19 21:10 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-19 14:31 OpenSSL development (Heartbleed) Alan Browne
2014-04-19 15:06 ` Nasser M. Abbasi
2014-04-19 15:41 ` Alan Browne
2014-04-19 15:36 ` Georg Bauhaus
2014-04-19 16:00 ` Yannick Duchêne (Hibou57)
2014-04-19 16:34 ` Georg Bauhaus
2014-04-19 17:06 ` Yannick Duchêne (Hibou57)
2014-04-19 19:13 ` Georg Bauhaus
2014-04-19 20:39 ` Yannick Duchêne (Hibou57)
2014-04-19 19:42 ` Alan Browne
2014-04-21 23:51 ` Randy Brukardt
2014-04-22 15:20 ` G.B.
2014-04-22 16:33 ` Dmitry A. Kazakov
2014-04-22 16:57 ` Simon Clubley
2014-04-22 19:53 ` Dmitry A. Kazakov
2014-04-22 20:49 ` Yannick Duchêne (Hibou57)
2014-04-23 5:38 ` Natasha Kerensikova
2014-04-23 7:30 ` Dmitry A. Kazakov
2014-04-23 7:40 ` Natasha Kerensikova
2014-04-23 8:04 ` Dmitry A. Kazakov
2014-04-23 8:20 ` Georg Bauhaus
2014-04-23 7:42 ` Egil H H
2014-04-23 8:06 ` Georg Bauhaus
2014-04-19 16:06 ` Alan Browne
2014-04-19 16:42 ` Georg Bauhaus
2014-04-19 16:59 ` Georg Bauhaus
2014-04-19 19:12 ` Alan Browne
2014-04-19 20:20 ` Georg Bauhaus
2014-04-19 20:53 ` Alan Browne
2014-04-19 21:10 ` Simon Clubley [this message]
2014-04-19 21:53 ` [OT] OpenBSD, was: " Alan Browne
2014-04-19 22:15 ` Nasser M. Abbasi
2014-04-19 22:34 ` Alan Browne
2014-04-20 8:17 ` Georg Bauhaus
2014-04-20 16:49 ` Alan Browne
2014-04-22 12:18 ` G.B.
2014-04-19 15:47 ` Yannick Duchêne (Hibou57)
2014-04-19 16:21 ` Alan Browne
2014-04-19 16:46 ` Georg Bauhaus
2014-04-19 19:22 ` Alan Browne
2014-04-19 20:33 ` Georg Bauhaus
2014-04-19 21:10 ` Alan Browne
2014-04-19 16:50 ` Yannick Duchêne (Hibou57)
2014-04-19 19:25 ` Alan Browne
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox