[Cryptography] defaults, black boxes, APIs, and other engineering thoughts

James A. Donald jamesd at echeque.com
Sun Jan 5 10:34:45 EST 2014


On 2014-01-05 12:23, Jonathan Thornburg wrote:
> The OpenBSD website points out that they've only had two remote holes
> in the default install in "a heck of a long time" (I think more than a
> decade).  So perhaps the manual-updates security model remains viable....

Despite being open source, OpenBSD audits most of its code.

Audit is the only way to find remote holes, since remote hole attacks 
consist of specially crafted abnormal data, hence will not show up in 
ordinary testing.



