LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Reasoning Releases Results of a Software Code Audit of the Apache Web Server

Reasoning Releases Results of a Software Code Audit of the Apache Web Server

Posted Jul 2, 2003 4:51 UTC (Wed) by piman (subscriber, #8957)
Parent article: Reasoning Releases Results of a Software Code Audit of the Apache Web Server

This also depends on how you define a "defect." Certain things, like a buffer overflow or a race condition, definitely are. But if Microsoft was auditing Outlook, the ability to run scripts automatically, or load images or links from remote servers, isn't a defect. If (say) OpenBSD was to do the audit, it definitely would be.

I don't know if the "proprietary equivalents" for webservers contain similar problems, but proprietary software seems to differentiate between "design flaws" and "defects" (the former never being fixed), where I find free software usually treats serious design flaws as bugs like any other.

Since Reason's methods seem to be automated, it's likely that they don't pick up these sort of problems. This isn't a jab at Reason, who seem to be doing interesting stuff (in research and in practice), but just a reflection on their results.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds