Write to NVIDIA

Posted Oct 17, 2006 9:47 UTC (Tue) by NAR (subscriber, #1313)
In reply to: Write to NVIDIA by cate
Parent article: Local root exploit in NVidia driver

Open source programs have more security advisories because people check the sources and send bug reports. It is rare to find an exploit before upstream fixes the bugs.

I seem to recall that even Debian servers were compromised by a previously unknown local root exploit based on a kernel bug - and probably the kernel gets the most peer review, so the situation could be only worse for other projects. Anyway, I believe that the number of critical bugs does not depend directly on the methodology of development, it depends on the skill of the developers and their deadlines.

Bye, NAR



Write to NVIDIA

Posted Oct 17, 2006 10:04 UTC (Tue) by cate (subscriber, #1359)

The exploit of the Debian server, IIRC, was two kernel bugs. IIRC one was discovered through forensics of the Debian exploit. So I agree, open source also has zero-day exploits.
But IIRC there were some studies about drivers, and the majority of binary drivers were coded in a very, very bad manner (and not only Linux drivers).

Linux has specialized people with good kernel skills in design, features and common problems. Unfortunately the hardware designers lack people with in-depth knowledge. (Maybe "our" editor's books help to fill the gap)

Anyway there are a lot of security problems in a lot of open source programs. And I think for a cultural reason.
Check Gallery, one of the most used web photo galleries. The FAQ tells you to chmod 0777 all the files in the gallery distribution!!!
