Message-ID: <20141007111117.7cd4dca6@hboeck.de>
Date: Tue, 7 Oct 2014 11:11:17 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Thoughts on Shellshock and beyond

Hi,

Yesterday I wrote down some thoughts on Shellshock, Heartbleed and the
whole issue of free software security:
https://blog.hboeck.de/archives/857-How-to-stop-Bleeding-Hearts-and-Shocking-Shells.html

Basically my key point is: These events caused interest in the sec
community and people had a look - and found further issues.

My question would be: Can we get that attention somehow *before* an
event like Shellshock happens? We probably all could name products that
could have sec bugs with similar severity.

I outlined a vague idea: Would it work if we'd say we make a "sec
people, please have a look at software XY"-day? Would people do that?

Heartbleed and Shellshock give me the feeling that there probably are,
right now, security bugs with similar severity active on our systems.
Let's have a discussion how we can find them.

cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42