[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Is Marty Lying?

To: security snot <booger@xxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Is Marty Lying?
From: Blue Boar <BlueBoar@xxxxxxxxxxx>
Date: Mon, 22 Sep 2003 21:47:40 -0700

security snot wrote:

The "code audit" that you guys did to make sure nothing was backdoored was
quite thorough too, considering since then remote bugs in Snort have been
published.  If you can't even spot the vulnerable code you introduce into
your source tree by accident, how can you definitively argue that no one
else snuck in subtle bugs that you also didn't catch?


I'm sure it would have been extraordinarily difficult to run 'diff' on
the codebase before the intrusion and the one after, to see if any of
the changes weren't accounted for.

BB


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Is Marty Lying?
  - From: security snot

References:
- Re: [Full-Disclosure] Is Marty Lying?
  - From: Martin Roesch
- Re: [Full-Disclosure] Is Marty Lying?
  - From: security snot

Prev by Date: Re: [Full-Disclosure] p63: Call for Articles!
Next by Date: [Full-Disclosure] ColdFusion cross-site scripting security vulnerability of an error page
Previous by thread: Re: [Full-Disclosure] Is Marty Lying?
Next by thread: Re: [Full-Disclosure] Is Marty Lying?
Index(es):
- Date
- Thread