Comment Re:This is the problem with Linux Security (Score 1) 127
No Sir. I said a security company. Not a company with a security department.
Actually, I am a security professional, working for one of the largest security companies in the industry.
It's clear you are not, however.
It contained nested quotes. I see no text that can be attributed to you.
The OP does not inaccurately malign the attitude of the kernel developers towards security bugs. Their stance is widely known.
The examples I used in my post were just that, examples. They were not meant to be specific to this story, as I think the issue is greater than just this story.
Excuse me, but what flamebait? I did not insult you or your argument, instead I made a valid counter argument.
Oh, and my point wasn't that the maintainers are rude. My point is that the security industry keeps insisting that the Linux team practice responsible disclosure, and they keep arguing there is no need or benefit.
Stability and security are not mutually exclusive.
Although if you care about stability, then you should also care about security since many malicious attacks can affect stability.
OpenBSD is and mostly always has been a joke.
"Secure by default" isn't the same as auditing a few core services and disabling the rest.
They do a great job of maintaining OpenSSH though.
If you can't tell who was meant from the context, you should probably head on over to some other, simpler website. Perhaps Mac Rumors.
If you're going to be so anal as to question an obvious typo, I guess I could ask what the point of your post is, as it only contains quotes.
You should read up some more on the clash between security professionals and the Linux maintainers.
Some bugs are more critical than others, and hiding them not to get negative attention or (rightfully) be pressured to fix them is pretty bad.
Given that the people in charge don't tend to disclose security vulnerabilities and actively hide them, it's difficult to say how long it was known for.
To expand on this, not only do they not assign security bugs the priority they deserve, they actively hide them.
http://arstechnica.com/securit...
FWIW, I love Linux and used Slackware for almost a decade.
Linux and Greg K-H have both gone on record saying that security issues are just another type of bug, and don't deserve any type of special treatment.
This is crap. A bug that allows remote code execution or even a DoS is a much, much bigger issue than fixing the user experience or minor stability issues.
When you don't assign the significance to security issues that they deserve, they go unpatched for 5 years.
It's kind of a concern.
It kind of is, since if someone is released they are meant to be considered rehabilitated.
Why release them back to society if they are not going to be given a fair chance?