Bad for OSS/FS? Certainly no evidence that proprietary will save us!
Posted Sep 17, 2003 20:38 UTC (Wed) by proski
In reply to: Bad for OSS/FS? Certainly no evidence that proprietary will save us!
Parent article: Remotely exploitable sendmail vulnerability
The notion that a particular development approach makes developers immune from flaws is absurd.
It's absurd to make such blanket statements. There are methods for formal verification of software against the specification. They may be time consuming and impractical for today's real life projects, but progress is being made. When it comes to software like ssh and mail software, there is so much at stake that I expect some of those methods to be used in the near future if they are not being used already.
Software used on life support systems or power plants doesn't just need to be "best in class", it needs to meet the specification. Some attackers are not as stupid as a bear from your story. They aim at most protected systems to maximize damage, not at the easiest system to break into.