lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87ad0c6ngz.fsf@it029205.massey.ac.nz>
From: j.riden at massey.ac.nz (James Riden)
Subject: Support the Sasser-author fund started

merlyn@...nehenge.com (Randal L. Schwartz) writes:

> So why is it, with Microsoft and all of their billeeeunnss of dollars,
> that they wouldn't spend at least SOME MORE of that BEFORE they
> release their code?  OpenBSD manages a decent security review and a
> right mindset towards security on the annual amount of money that Bill
> Gates makes every time he takes a dump.

I haven't seen the Win32 source code, but I'd bet that OpenBSD is
considerably easier to audit - I have a growing suspicion that Win32
is just too complex to be properly secured. A lot of recent patches
have had unintended consequences or have been marked as having new
functionality.

-- 
James Riden / j.riden@...sey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ