funsec mailing list archives

Torvalds attacks IT industry 'security circus'


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 18 Jul 2008 08:06:42 -0400

http://news.cnet.com/2100-1007-6243900.html?tag=nefd.top
 
Linux creator Linus Torvalds has labeled makers of the OpenBSD operating
system a "bunch of masturbating monkeys," as part of a wider critique of
what he said was self-centered behavior in the IT security industry. 

In an e-mail to the Linux kernel developer mailing list, Torvalds said a
section of the security industry was dedicated to finding bugs in software
only to publicize their findings and gain notoriety. 

The row erupted in the Gmane mailing list after a developer for the PaX
Team, which patches the Linux kernel, accused Torvalds and other top Linux
kernel developers of "covering up (the) security impact of bugs" by not
clearly labeling them as security flaws. 

Torvalds wrote that disclosing the bug itself was enough, without having to
label each individual security flaw. He added that taking the bugs to the
"security circus" level only glorified the wrong kind of behavior. "It makes
heroes out of security people, as if the people who...fix normal bugs aren't
as important," wrote Torvalds. 

What was left behind for the developers were all the "boring" bugs, which
Torvalds considered more important due to their volume. 

"Boring normal bugs are way more important, just because there's a lot more
of them," wrote Torvalds. "I don't think some spectacular security hole
should be glorified or cared about as being any more 'special' than a random
spectacular crash due to bad locking," he said. 

The Linux leader went on to state that "security people are often the
black-and-white kind of people that I can't stand." 

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
