OpenBSD’s Theo de Raadt talks software security

Monday, 13 September 2004, 12:10 AM EST

In an exclusive interview with Computerworld's Rodney Gedda, the man behind an operating system that lays claim to only one remote exploit in the default install in seven years, reveals where we are headed – and how far we have to go – in the search for more secure software

What are some of the things that the software industry today is neglecting or ignoring in terms of security and why do we have some many security problems?

Almost all the security problems that happen in software, like probably 95 percent of them, are low-level programmer errors. What happens is people are misusing program functions; they think they know how to use them but they’re making very, very dumb errors and very small errors. These are things that we’ve been getting away with forever. The things that people learn from these things are copied by people reading code. These erroneous paradigms are being copied into newer pieces of code over, and over, and over. So now with the open source community and the close source community, we are faced with, let’s say billions of lines of source code, all written by people who have made the same paradigm errors and passed them on to the next program. That’s why we have security holes. An attacker is using the unintended side-effect of a bug, and since he understands them, he takes the unintended side-effects and twists them to give him privilege. He gets himself privilege because the machine behaves so regularly.

By Rodney Gedda at Computerworld.

[ Read more ]




Spotlight

How security analytics help identify and manage breaches

Posted on 30 July 2014.  |  Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //