Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Thread beginning with comment 453717
ichi Member since:
2007-03-06

a company has financial incentive to audit their code, since they can be sued if something goes wrong.


Really? When was the last time that happened?
Has any software company ever been sued because of a bug that compromised their customers' security?

Reply Parent Score: 3

TheGZeus Member since:
2010-05-19

Heh.
Precisely.
http://www.junauza.com/2010/12/top-50-programming-quotes-of-all-tim...

“If McDonalds were run like a software company, one out of every hundred Big Macs would give you food poisoning, and the response would be, ‘We’re sorry, here’s a coupon for two more.’”
- Mark Minasi

Posted here on the 14th.

Reply Parent Score: 2

google_ninja Member since:
2006-02-05

I've been working on an audit for the purpose of certification for the last two weeks now. It is proprietary software, and we will need to re-certify regularly.

On the flip side, I have never audited any open source project for security issues.

So yeah, it happens.

Reply Parent Score: 2

ichi Member since:
2007-03-06

I've been working on an audit for the purpose of certification for the last two weeks now. It is proprietary software, and we will need to re-certify regularly.

On the flip side, I have never audited any open source project for security issues.

So yeah, it happens.


What does auditing for a certification have to do with being sued for a bug?

Reply Parent Score: 2