oss-sec mailing list archives
Re: Thoughts on Shellshock and beyond
From: Loganaden Velvindron <loganaden () gmail com>
Date: Tue, 7 Oct 2014 13:31:09 +0400
On Tue, Oct 7, 2014 at 1:11 PM, Hanno Böck <hanno () hboeck de> wrote:
> Hi,
>
> Yesterday I wrote down some thoughts on Shellshock, Heartbleed and the whole issue of free software security:
> https://blog.hboeck.de/archives/857-How-to-stop-Bleeding-Hearts-and-Shocking-Shells.html
>
> Basically my key point is: These events caused interest in the sec community and people had a look - and found further issues. My question would be: Can we get that attention somehow *before* an event like shellshock happens? We probably all could name products that could have sec bugs with similar severity.
>
> I outlined a vague idea: Would it work if we'd say we make a "sec people, please have a look at software XY"-day? Would people do that?
>
> Heartbleed and Shellshock give me the feeling that there probably are, right now, security bugs with similar severity active on our systems. Let's have a discussion how we can find them.
OpenBSD has been pretty successful at building a secure Operating System. I think that their approach works pretty well. By looking at what they are doing, this might give insight on how to increase interest in doing code audits in other Open Source projects.
> cu,
> --
> Hanno Böck
> http://hboeck.de/
> mail/jabber: hanno () hboeck de
> GPG: BBB51E42
--
This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.