Open Source and information security mailing list archives
Message-ID: <Pine.LNX.4.53.0403180242440.16935@test1900.meganameservers.com>
From: todd at hostopia.com (Todd Burroughs)
Subject: Operating Systems Security, "Microsoft Security, baby steps"

Here's a good example. Yesterday, a problem was resolved with OpenSSL. This package is used in a *lot* of software (yes, including *BSD ;-). SuSE had patches out the fastest, within hours of the official release. Over the course of the day, I saw most/all of the major open source OS vendors (Linux and BSD) announce patches to this problem. I know that other major software companies use OpenSSL in their products; the "free/open source" software community responds very quickly, much faster than any commercial vendor (I noticed that Cisco released a patch). This is proof, same day fix vs. fix in a few months.

Updating any OS is a pain in the ass, but all of them have flaws and need to be updated. I find that at least with the UNIX-like ones, you can go on the Net and do your updates faster than you get rooted. MS really needs to fix this, they need to make it so that mom and pop can install and do updates without getting taken over.

Kudos to SuSE, keep up the good work! We're getting nervous with the Novell thing, but keep security first. One thing, we need a basic install, no X, just a base install that is secure.

One thing to note, I've updated a lot of SuSE based servers and had no problem, but would rather wait a bit than have problems if the vendor didn't have the resources to test things first and the problem is supposed to be limited to a DOS (as opposed to remote root).

Todd Burroughs