[83092] in North American Network Operators' Group
Re: DARPA and the network
daemon@ATHENA.MIT.EDU (Todd Vierling)
Thu Aug 4 18:26:54 2005
Date: Thu, 4 Aug 2005 18:26:13 -0400 (EDT)
From: Todd Vierling <tv@duh.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Michael.Dillon@btradianz.com, nanog@merit.edu
In-Reply-To: <87vf2lvipw.fsf@deneb.enyo.de>
Errors-To: owner-nanog@merit.edu

On Thu, 4 Aug 2005, Florian Weimer wrote:
> > So why did OpenBSD succeed in their rigorous audit process?
>
> Have they? The list at <http://www.openbsd.org/security.html#37>
> continues to grow, and nowadays, it seems that only a fraction of
> those issues have been discovered by the OpenBSD audit process.
>
> Searching for "isakmpd" on that page is pretty instructive as well.

It's all in the public relations and public perception.

I'm one of the developers for NetBSD. From what I can see, on average, all
the BSDs are about the same when it comes to addressing vulnerabilities.
They're almost on par when it comes to preventative measures (but remember,
some preventative measures can go too far: OpenBSD has fallen victim to
that more than once). The real end-of-the-day tangible difference wrt
security is how vocal the project's security team is.

OpenBSD "wins" some security discussions only because it's being shouted
from rooftops. The act of shouting doesn't make something better by itself.
--
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>