It has been reported that OpenBSD has patched four vulnerabilities including privilege escalation flaws and a remotely exploitable authentication bypass.
It has been reported that OpenBSD has patched four vulnerabilities including privilege escalation flaws and a remotely exploitable authentication bypass.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Eric Raymond famously said \”given enough eyeballs, all bugs are shallow.\” What he meant was that if you have enough developers examining your software for enough time, eventually nearly all bugs will be found and fixed. While this is probably true, it\’s the enough eyeballs part that is difficult. OpenBSD is estimated to contain nearly three million lines of code. How many eyeballs do you need for that? How much time?
Using automated tools can reduce the amount of manual work that is needed to keep risk acceptably low. Techniques such as source analysis and fuzz testing assist the development team in finding and fixing bugs before release. Given the complexity of OpenBSD and many other projects, it is hardly surprising that new vulnerabilities, sometimes serious, continue to be found. The lesson to be learned is that updating your systems is critically important. When vulnerabilities like this become widely known, you must update your systems promptly, because attackers will be in just as much of a hurry to exploit the vulnerability.