Conversation

Conversation

Notices

mulander (mulander@bsd.network)'s status on Thursday, 25-Jan-2018 15:04:59 EST mulander

@starbreaker yes, but this time someone really took the effort to spin a nice presentation into the doomsday clock hitting 0 -> https://www.itworld.com/article/3250653/open-source-tools/is-the-bsd-os-dying-some-security-researchers-think-so.html
In conversation Thursday, 25-Jan-2018 15:04:59 EST from bsd.network permalink
Attachments
1. Are the BSDs dying? Some security researchers think so
  
  from ITworld
  
  To few eyeballs on code is a security issue. Can FreeBSD, OpenBSD, and NetBSD survive?
1. clacke (clacke@social.heldscal.la)'s status on Friday, 02-Feb-2018 22:26:04 EST clacke
  in reply to
  
  @mulander @starbreaker @samis
  
  > van Sprundel says he easily found around 115 kernel bugs across the three BSDs, including 30 for FreeBSD, 25 for OpenBSD, and 60 for NetBSD. Many of these bugs he called "low-hanging fruit." He promptly reported all the bugs, but six months later, at the time of his talk, many remained unpatched.
  
  > "By and large, most security flaws in the Linux kernel don't have a long lifetime. They get found pretty fast," van Sprundel says. "On the BSD side, that isn't always true. I found a bunch of bugs that have been around a very long time." Many of them have been present in code for a decade or more.
  
  But also:
  
  > van Sprundel also praised OpenBSD's response to his bug findings, saying that De Raadt responded within a week, and OpenBSD patched the flaws within a few days.
  
  Awesome job, de Raadt!
  
  In conversation Friday, 02-Feb-2018 22:26:04 EST from social.heldscal.la permalink

Public

Notices