Comments on: How is Security like Bread Mold? http://www.securitycurve.com/wordpress/archives/438?utm_source=rss&utm_medium=rss&utm_campaign=how-is-security-like-bread-mold Mon, 06 Sep 2010 07:38:49 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Peter H http://www.securitycurve.com/wordpress/archives/438/comment-page-1#comment-95 Peter H Tue, 12 Sep 2006 07:53:44 +0000 http://securitycurve.com/wordpress/?p=438#comment-95 I agree with you, I believe there must be very few people auditing the open source. But still there's one more group, which does audit the code at some level. Developers who are using those open source tools and suddently find themselves in need of some improvement which looks simple enough to be added by them. (of course usually it turns out it would require rewrite quarter of the original code, but the partial audit is done at that point :)) I agree with you, I believe there must be very few people auditing the open source.

But still there’s one more group, which does audit the code at some level. Developers who are using those open source tools and suddently find themselves in need of some improvement which looks simple enough to be added by them. (of course usually it turns out it would require rewrite quarter of the original code, but the partial audit is done at that point :) )

]]> By: David Gerard http://www.securitycurve.com/wordpress/archives/438/comment-page-1#comment-94 David Gerard Fri, 08 Sep 2006 16:51:27 +0000 http://securitycurve.com/wordpress/?p=438#comment-94 The obvious answer to your question is "OpenBSD". They obsessively audit their code, over and over and over, as they discover new bad ways of doing things. They also audit the more popular applications running on OpenBSD, to the point where their versions of some applications (notably BIND and Apache) are pretty much OpenBSD forks. They brag about their security, but security in a useful Unix is their reason for being, and they have a reasonable basis for bragging!I just wish more projects would audit the way they do ... The obvious answer to your question is “OpenBSD”. They obsessively audit their code, over and over and over, as they discover new bad ways of doing things. They also audit the more popular applications running on OpenBSD, to the point where their versions of some applications (notably BIND and Apache) are pretty much OpenBSD forks. They brag about their security, but security in a useful Unix is their reason for being, and they have a reasonable basis for bragging!I just wish more projects would audit the way they do …

]]>