Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Finding Security Holes a Good Idea?

Posted by michael on from the dare-not-speak-its-name dept.

ekr writes "A lot of effort goes into finding vulnerabilities in software, but there's no real evidence that it actually improves security. I've been trying to study this problem and the results (pdf) aren't very encouraging. It doesn't look like we're making much of a dent in the overall number of vulnerabilities in the software we use. The paper was presented at the Workshop on Economics and Information Security 2004 and the slides can be found here (pdf)."

12 of 433 comments (clear)

  1. RTFM?! by Anonymous Coward · · Score: -1, Offtopic

    Looks like a school project or something...the company name is RTFM, Inc.

  2. Dammit.. AC by Anonymous Coward · · Score: -1, Offtopic

    I meant to post as AC.. Karma be damned.

  3. MOD PARENT UP by Anonymous Coward · · Score: -1, Offtopic

    stupid moderators, it was supposed to be a joke

  4. Mercatur's hole by Anonymous Coward · · Score: -1, Offtopic

    www.mercatur.net

    Her brother and his girlfriend have kicked her out of their house because Mercatur keeps bringing men back to their house to copulate with.

    So what if Mercatur believe in free love? So what if she is sexually active and attractive? This woman is so hot, can you blame men for being drawn into her web of seduction?

    Mercatur was brought up in Texas but she didn't let that hold her back. She's now queen of the Internet Camgirls, with a body to match her reputation.

    Mercatur is the sexiest woman on the Internet. Don't you dare deny it.

    www.mercatur.net

  5. Uphill battles by pudge · · Score: 0, Offtopic

    Should we jail murderers, since it doesn't seem to prevent murders, or curb the murder rate? Whatever.

    Anyway, he is looking at the problem on too wide a scale. Slash (the code running this site) is much less vulnerable to various exploits than many of the alternatives that have cropped up, and yes, it has been a huge benefit to the people who run and use this site, undoubtedly.

  6. Correct N-U link ... by xmas2003 · · Score: 0, Offtopic

    FYI FWIW: If you want to link to the Slashdot Nigritude Ultramarine artcile you need to link to the archived URL as done here.

    --
    Hulk SMASH Celiac Disease
  7. Karma Whore by Gothmolly · · Score: -1, Offtopic

    So if there's a static, 20KB PDF file, it somehow slashdots a server? Bah, I call whore.

    --
    I want to delete my account but Slashdot doesn't allow it.
    1. Re:Karma Whore by Mz6 · · Score: 0, Offtopic

      I hate loading Adobe's bloatware... I meant to post as AC anyways. Damn... lay off.

      --
      Hmmm.
  8. Re:Placing all bets by Anonymous Coward · · Score: -1, Offtopic
    How long until someone on Slashdot uses this opportunity to reference and bash Microsoft in some way, shape, or form?

    Apparently, not as long as it took to get the first predictable post from a member of the "I'm better than you all because I don't follow the anti-Microsoft herd" herd.

  9. Re:Placing all bets by His+Shadow · · Score: -1, Offtopic

    Not as fast as some overly sensitive type launches a pre-emptive pro-Microsoft strike to deflect justly deserved criticism.

    --

    Fiat Homos et Pereat Theos

  10. Ummm... by wurp · · Score: 0, Offtopic

    People's safety concerns for SUVs are not jealousy issues in which we are worried that SUV drivers are safer than us. In fact, SUVs are safer in collisions with other vehicles - but they cause more additional deaths in the other vehicles than the lives they save of SUV occupants. BUT, in terms of fatalities of occupants per mile driven, they are WORSE. Weighty, top-heavy, relatively narrow SUVs are more prone to go out of control on wet roads and especially likely to flip if the steering wheel is turned too quickly or if they hit a guardrail.

    See http://www.nhtsa.dot.gov/nhtsa/announce/press/pres sdisplay.cfm?year=2003&filename=pr32-03.html and http://www.suv.gs/suv-rollover/suv-rollover-fatali ty-risk-suv-controversy.html and http://www.smartmotorist.com/suv/suv.htm or just google for "SUVs accident statistics rollovers" for yourself.

    So, it sounds to me like a selfishness and cowardice issue on the part of the SUV driver - I would rather two other people die in a car to car collision than I die. And then of course you factor in the foolishness issue - in fact, my chances as an SUV driver of dying on the road are higher. It's only my chances of dying in a collision with another car that are lower.

    I personally firmly believe SUVs have their place. If you have three kids and a frequent need to haul things, by all means drive an SUV. If you have rough dirt roads or offroading, again - go for it. However, I have serious issues with dealing with the externalized costs of higher pollution, higher risk of accident and higher risk of fatalities from accidents of people who use their giant SUV as a commuting vehicle in congested city driving.

  11. Here's a good patching system... by CrazyPyro · · Score: 0, Offtopic

    emerge -UD world

    And yes, I am a Gentoo zealot...