Comment: OpenBSD Patches Authentication Bypass, Privilege Escalation Vulnerabilities

It has been reported that OpenBSD has patched four vulnerabilities including privilege escalation flaws and a remotely exploitable authentication bypass.

Experts Comments

December 06, 2019
Jonathan Knudsen
Senior Security Strategist
Synopsys
Eric Raymond famously said "given enough eyeballs, all bugs are shallow." What he meant was that if you have enough developers examining your software for enough time, eventually nearly all bugs will be found and fixed. While this is probably true, it's the enough eyeballs part that is difficult. OpenBSD is estimated to contain nearly three million lines of code. How many eyeballs do you need for that? How much time? Using automated tools can reduce the amount of manual work that is needed to keep risk acceptably low. Techniques such as source analysis and fuzz testing assist the development team in finding and fixing bugs before release. Given the complexity of OpenBSD and many other projects, it is hardly surprising that new vulnerabilities, sometimes serious, continue to be found. The lesson to be learned is that updating your systems is critically important. When vulnerabilities like this become widely known, you must update your systems promptly, because attackers will be in just as much of a hurry to exploit the vulnerability.