A Developers Security Bugs Primer
CowboyRobot writes "ACM Queue's current issue on Open Source Security includes a short article by Eric Allman of Sendmail on how to handle security bugs in your code.
"Patch with full disclosure. Particularly popular in the open source world (where releasing a patch is tantamount to full disclosure anyway), this involves opening the kimono and exposing everything, including a detailed description of the problem and how the exploit works... Generally speaking, it is easier to find bugs in open source code, and hence the pressure to release quickly may be higher.""
Check with local law enforcement first, as this is illegal in most prefectures.
This is an extremely narrowly focused article. He doesn't account for anyone else's choice of apparel, and Netcraft has recently confirmed that kimonos are dying anyway. There can't be that many users of such an outdated technology.
Next time take into consideration those who choose to wear sweatpants, muumuus, and the increasingly popular among furries peanut butter suit + placard.
Getting advice on how to handle security bugs in your software from someone who works on Sendmail is like getting advice on dealing with relationship problems from someone who was divorced seven times. I mean, sure, he's got experience...
What about the B developers? Do they not get a security bugs primer?