Message-ID: <200407020341.15971.fulldisc@ultratux.org>
From: fulldisc at ultratux.org (Maarten)
Subject: Web sites compromised by IIS attack

On Thursday 01 July 2004 12:09, Valdis.Kletnieks@...edu wrote:
> On Wed, 30 Jun 2004 21:08:27 CDT, Paul Schmehl <pauls@...allas.edu>  said:
> > I attended a presentation yesterday for a security product in the
> > application firewall field.  During the presentation, the CISSP stated
> > that "in every 1000 lines of code there will be 15 errors".  I don't know
> > if I'd agree with that - I suspect most coders are a bit better than that
> > - but I had to chuckle, because, of course, I immediately thought, "So
> > you admit that your code is riddled with holes!"
>
> Actually, I suspect most coders are *worse* than that.
>
> Sendmail 8.13.0 weighs in at just about 90K lines of C code for
> the main program.  By that metric, there should only have been 135
> bugs in it. In fact, there are 441 occurrences of 'Problem noted by'
> in the release notes.

Except for the fact that your math is off; 15 times 90 equals 1350, not 135.
By that number, we'd have to assume that not even half of sendmail's bugs are
found as of yet, which imho is a little hard to believe.

just nitpicking, but...

Greetings,
Maarten

