Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Finding Security Holes a Good Idea?

Posted by michael on from the dare-not-speak-its-name dept.

ekr writes "A lot of effort goes into finding vulnerabilities in software, but there's no real evidence that it actually improves security. I've been trying to study this problem and the results (pdf) aren't very encouraging. It doesn't look like we're making much of a dent in the overall number of vulnerabilities in the software we use. The paper was presented at the Workshop on Economics and Information Security 2004 and the slides can be found here (pdf)."

5 of 433 comments (clear)

  1. Uphill battles by pudge · · Score: 0, Offtopic

    Should we jail murderers, since it doesn't seem to prevent murders, or curb the murder rate? Whatever.

    Anyway, he is looking at the problem on too wide a scale. Slash (the code running this site) is much less vulnerable to various exploits than many of the alternatives that have cropped up, and yes, it has been a huge benefit to the people who run and use this site, undoubtedly.

  2. Correct N-U link ... by xmas2003 · · Score: 0, Offtopic

    FYI FWIW: If you want to link to the Slashdot Nigritude Ultramarine artcile you need to link to the archived URL as done here.

    --
    Hulk SMASH Celiac Disease
  3. Re:Karma Whore by Mz6 · · Score: 0, Offtopic

    I hate loading Adobe's bloatware... I meant to post as AC anyways. Damn... lay off.

    --
    Hmmm.
  4. Ummm... by wurp · · Score: 0, Offtopic

    People's safety concerns for SUVs are not jealousy issues in which we are worried that SUV drivers are safer than us. In fact, SUVs are safer in collisions with other vehicles - but they cause more additional deaths in the other vehicles than the lives they save of SUV occupants. BUT, in terms of fatalities of occupants per mile driven, they are WORSE. Weighty, top-heavy, relatively narrow SUVs are more prone to go out of control on wet roads and especially likely to flip if the steering wheel is turned too quickly or if they hit a guardrail.

    See http://www.nhtsa.dot.gov/nhtsa/announce/press/pres sdisplay.cfm?year=2003&filename=pr32-03.html and http://www.suv.gs/suv-rollover/suv-rollover-fatali ty-risk-suv-controversy.html and http://www.smartmotorist.com/suv/suv.htm or just google for "SUVs accident statistics rollovers" for yourself.

    So, it sounds to me like a selfishness and cowardice issue on the part of the SUV driver - I would rather two other people die in a car to car collision than I die. And then of course you factor in the foolishness issue - in fact, my chances as an SUV driver of dying on the road are higher. It's only my chances of dying in a collision with another car that are lower.

    I personally firmly believe SUVs have their place. If you have three kids and a frequent need to haul things, by all means drive an SUV. If you have rough dirt roads or offroading, again - go for it. However, I have serious issues with dealing with the externalized costs of higher pollution, higher risk of accident and higher risk of fatalities from accidents of people who use their giant SUV as a commuting vehicle in congested city driving.

  5. Here's a good patching system... by CrazyPyro · · Score: 0, Offtopic

    emerge -UD world

    And yes, I am a Gentoo zealot...