[TUHS] SunOS code?
Arthur Krewat
krewat at kilonet.net
Wed Sep 5 22:55:02 AEST 2018
On 9/5/2018 2:31 AM, Gilles Gravier wrote:
> It's the common example that I use to tell people that opensourcing
> software makes it more secure because the good guys have access to the
> source code at the same time as the bad guys, which gives them a fair
> chance to fix bugs before the bad guys use them.
Bash/Shellshock kinda proves that premise incorrect, although it's
pretty much the worst-case example, but still... ;)
Announced in 2014, it goes back to September 1989 (according to a
wikipedia article, so I'm not sure about that date's accuracy).
https://en.wikipedia.org/wiki/Shellshock_(software_bug)
https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33
https://www.cvedetails.com/product/17/IBM-AIX.html?vendor_id=14
https://www.cvedetails.com/product/20/HP-Hp-ux.html?vendor_id=10
https://www.cvedetails.com/product/19755/Oracle-Solaris.html?vendor_id=93
It could be argued that the above CVE results are either under-reported
(closed-source), or over-reported (open-source). Or vice-versa ;)
ak
More information about the TUHS
mailing list