User: Password:
|
|
Subscribe / Log in / New account

Kernel.org's road to recovery

Kernel.org's road to recovery

Posted Oct 7, 2011 9:00 UTC (Fri) by cate (subscriber, #1359)
In reply to: Kernel.org's road to recovery by malor
Parent article: Kernel.org's road to recovery

But this is a problem of bad security people, not (only) bad kernel.

13 years ago many security people was thinking about perimeters, DMZ, etc. thinking that internal net was safe, because "in control" of security people. Only to discover that they were very wrong: people attached modems (then laptop, then USB disks) against corporate rules.

I think now we have the same problem: some people think that kernel is unbreakable (it they update quickly after announced CVE), thus tend to trust the "computer perimeter" too much.

IMHO if a system can kill a man because of a kernel bug, it means that the security responsible was very incompetent.


(Log in to post comments)

Kernel.org's road to recovery

Posted Oct 7, 2011 10:42 UTC (Fri) by ortalo (subscriber, #4654) [Link]

It could possibly be simply that the security team does not have enough authority. Users are not so innocent usually (though generally totally unconscious of that).
Plus, the real culprit is... the attacker.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds