Slashdot Mirror


Are the BSDs Dying? Some Security Researchers Think So (csoonline.com)

itwbennett writes: The BSDs have lost the battle for mindshare to Linux, and that may well bode ill for the future sustainability of the BSDs as viable, secure operating systems, writes CSO's JM Porup. The reason why is a familiar refrain: more eyeballs mean more secure code. Porup cites the work of Ilja van Sprundel, director of penetration testing at IOActive, who, noting the "small number of reported BSD kernel vulnerabilities compared to Linux," dug into BSD source code. His search 'easily' turned up about 115 kernel bugs. Porup looks at the relative security of OpenBSD, FreeBSD and NetBSD, the effect on Mac OS, and why, despite FreeBSD's relative popularity, OpenBSD may be the most likely to survive.

4 of 196 comments

  1. Re: "more eyeballs mean more secure code"?! by fmoliveira · Score: 3, Informative

    van Sprundel also praised OpenBSD's response to his bug findings, saying that De Raadt responded within a week, and OpenBSD patched the flaws within a few days.

  2. Re: BSDs dying? by tepples · Score: 1, Informative

    And being able to install straight onto ZFS is huge; Debian and Ubuntu need to get this into their installers.

    I don't see how that can be done legally, as Linux and ZFS have incompatible copyright licenses.

  3. Re:"more eyeballs mean more secure code"?! by koavf · Score: 5, Informative

    Code quality doesn't come from the quantity of people looking at it. Code quality comes from the quality of the people working on it.

    Did you read the article? Theo De Raadt says as much:

    Theo De Raadt, the founder of OpenBSD, agreed with van Sprundel that more eyeballs on OpenBSD would make the operating system more secure. "I remember reading his first slides, which were mostly about the impact of small API misuses," De Raadt tells CSO Online by email. "Unfortunately, this is a problem of the volume of code relative to manpower. Ensuring all code is 100 percent bug-free and handles all exceptional conditions is a rather difficult problem."

  4. Re:MacOS X? by Anonymous Coward · Score: 2, Informative

    I'm a Mac user and I've downloaded and installed FreeBSD, NetBSD and Minix 3 in virtual machines, so I could work through tutorials that were geared toward these systems.

    The question then became, what can I actually DO with them that I can't do already with Mac OS? I couldn't find anything. So those VMs went in the trash.