impossibility of computer security?

From: Wei Dai (weidai@weidai.com)
Date: Mon Sep 16 2002 - 18:23:13 MDT


I wonder if anyone is as disturbed as I am with the recent news of remote
exploitable holes in OpenSSH and OpenSSL that allow attackers to run
arbitrary code. When open-source software whose only purpose is to improve
computer security actually make it worse, I have to wonder if security is
possible at all. Has anyone thought about what causes this seeming
inability of human beings to write secure software, and what its
implications are for the future?

Here are some of the security advisories:
http://online.securityfocus.com/advisories/4241
http://online.securityfocus.com/advisories/4316



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:17:05 MST