Slashdot Mirror


A Developer's Security Bugs Primer

CowboyRobot writes: "ACM Queue's current issue on Open Source Security includes a short article by Eric Allman of Sendmail on how to handle security bugs in your code: 'Patch with full disclosure. Particularly popular in the open source world (where releasing a patch is tantamount to full disclosure anyway), this involves opening the kimono and exposing everything, including a detailed description of the problem and how the exploit works... Generally speaking, it is easier to find bugs in open source code, and hence the pressure to release quickly may be higher.'"

2 of 35 comments

  1. I wouldn't listen to him. by Anonymous Coward, Score: -1, Troll

    For years sendmail has been one of the most insecure programs on a typical UNIX or Linux system. Numerous systems have been compromised due to flaws in sendmail.

    Sendmail is a poorly designed and poorly implemented system. So I'm not sure I'd really want to listen to the author of such a system telling me how I should improve my code. Maybe he should get his to a reasonable state first. After around two decades of development, you'd think it'd be of a higher quality by now.
