LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Ignorance is not an excuse for spreading FUD

Ignorance is not an excuse for spreading FUD

Posted Mar 15, 2007 16:44 UTC (Thu) by bronson (subscriber, #4806)
In reply to: Ignorance is not an excuse for spreading FUD by mheily
Parent article: A second remote hole for OpenBSD

I must disagree with you mheily. It's simply good security practice to treat an exploit as its worst potential outcome. This particular exploit had components that could be used to remote the box, yet the OpenBSD team chose to categorize it as nuisance. That's unfortunate, isn't it?

Reading the report starting with, 'OpenBSD no longer uses the term "vulnerability" when referring to bugs that lead to a remote denial of service attack,' shows how reluctant the OpenBSD team was to categorize it properly, even after the exploit was demonstrated. Why were they so reluctant?

Don't get me wrong -- OpenBSD is fantastically secure and I often use it myself. But their response in this case was uncharacteristically sloppy. How many machines were rooted in the nine days it took to convince the OpenBSD team of this bug's severity?

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds