[OpenIndiana-discuss] Critical security issue notification
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Fri Apr 11 13:34:04 UTC 2014
On Fri, 11 Apr 2014, Peter Tribble wrote:
>
> Not necessarily. Above a certain level of maturity in software, it's
> often the case that the primary vector for newly found bugs is new
> code changes - whether that be for fixing other bugs or for new
> features. Both openssl and bind are arguably in this category.
This assumes that someone is applying patches to older code to resolve
the issues found.
It is true that most new bugs are added in new software however it is
also the case that improved methods are leading to detecting many bugs
in mature software which otherwise would never have been found.
Things were radically different in C software development even just
ten years ago.
Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
More information about the OpenIndiana-discuss
mailing list