i
Open Source and Linux News & Software
OSDir.com | News | Application Directory | O'REILLY.com | O'REILLY NETWORK Subscribe to the OSDir.com Newsletter ::

Main Menu

Submit:
· News/Reviews/Release
· Submit a New App!

News Categories:
· Apple
· *BSD
· Ask OSDir
· Culture
· Databases
· Development
· Hardware
· Java
· Legal
· Linux
· Linux (Enterprise)
· Mono
· Perl
· PHP
· Python
· XML
· Site News
· Software
·  -Application Directory-
· -Search-

Misc:
· Advertise With Us!
· Editorial Feedback

Partners
· mod_foo
· LinuxBeta
· LinuxQuestions
· LXer

Services
· OpenSource.org Mirror
· (2)
· (3)
· FOSSPlanet
· "Open Source" Swag

Software Reviews Wanted!
We're looking for authors! Please ping us if you'd like to write a review of a new software release.

Interested? email us!


RSS/XML

Columns:
KDE: From the Source
Danny O'Brien: To Evil!

News Categories:
All!
Apple
*BSD
Databases
Development
Java
Linux
Ent.Linux
Mono
Perl
PHP
Python
Ruby
Solaris
XML


User's Login
 Username
 Password
 Remember me


 Log in Problems?
 New User? Sign Up!

O'Reilly Network Technologies:
Sites
MacDevCenter.com
ONJava.com
ONLamp.com
OSDir.com
OpenP2P.com
Perl.com
XML.com

OSDir Supported By:
Discount Hotels
Dell Coupons
Home Improvement
Snoopy
Life Insurance Online

Debt Consolidation Online
Online Degree Information
Mortgage Loans
Insurance Quotes Online
Travel - Book Online

Cool Ski Packages
Second Mortgage Online
Convention Hotels
Refinance Mortgage
Directory Elib

Baby Bedding
Hotels Guaranteed
Price Comparison
Cuban Cigars


Who's Online
We have 336 guests and 0 members online

Welcome Guest, become a member today.



Software: OpenBSD’s Theo de Raadt talks software security
Posted Sep 20, 2004 - 03:23 AM



"With security the focus of this year’s Australian Unix Users Group (AUUG) conference, OpenBSD founder and project lead Theo de Raadt was invited to speak on exploit mitigation techniques. In an exclusive interview with Computerworld's Rodney Gedda, the man behind an operating system that lays claim to only one remote exploit in the default install in seven years, reveals where we are headed – and how far we have to go – in the search for more secure software

What are some of the things that the software industry today is neglecting or ignoring in terms of security and why do we have some many security problems?

Almost all the security problems that happen in software, like probably 95 percent of them, are low-level programmer errors. What happens is people are misusing program functions; they think they know how to use them but they’re making very, very dumb errors and very small errors. These are things that we’ve been getting away with forever. The things that people learn from these things are copied by people reading code. These erroneous paradigms are being copied into newer pieces of code over, and over, and over. So now with the open source community and the close source community, we are faced with, let’s say billions of lines of source code, all written by people who have made the same paradigm errors and passed them on to the next program. That’s why we have security holes. An attacker is using the unintended side-effect of a bug, and since he understands them, he takes the unintended side-effects and twists them to give him privilege. He gets himself privilege because the machine behaves so regularly.

The attacker is always going to know how to do this. The only way we can solve this is by making the environment harsh or by fixing the bugs. And we know that fixing the bugs is never going to happen when we’re talking billions of lines of code. We’ve been trying for a while to do that. That’s why we are having all the security problems."

ComputerWorld AU
We love Screenshots! Got a new release? Ping us, where to grab them from.
Submit news and be eligible for a monthly O'Reilly book draw!
OpenBSD’s Theo de Raadt talks software security | Login/Create an account | 0 Comments
Threshold
  
Comments are owned by the poster. We aren't responsible for their content.

Comments are property of their posters, the rest 2004 OSDir.com
All logos and trademarks are the property of their respective owners.
OSDir.com is powered by PostNuke | News.OSDir.com (Achived News)