Re: Security experts in Mauritius

From: S Moonesamy <sm+mu_at_elandsys.com>
Date: Sun, 01 Nov 2015 01:51:41 -0700

Hi Logan,
At 02:23 01-11-2015, Loganaden Velvindron wrote:
>It's not only LUGM. There are *many* companies in Mauritius relying on
>Open Source Software. How many are actually carrying out security
>audits, and discovering those flaws ? The numbers speak for themselves.

I suggest taking up this topic in a group interested in Open Source advocacy.

>Auditing for security flaws involves having good knowledge of software
>development, *and* being able to critically analyze code to find a way
>to subvert it. A security expert who cannot understand how unbounded
>string copies lead to buffer overflows is NOT a security expert. Why
>would a security company hire a security engineer who does not
>understand those?

Has there been a buffer overflow in any software you have written?

>Discovering a compromised website is one thing. However, going through
>the web application code, and discovering the vulnerable code which
>allows that to happen is what a real security expert would do. Now, how
>to prevent that from happening, by rewriting the code, is the next step. How
>many people can do that in Mauritius? I would be happy to one day see
>someone post such an analysis on his blog.

There is a report at
https://lists.afrinic.net/pipermail/announce/2014/001230.html Is an
analysis available? :-)

It is not to the advantage of the person writing the blog article to
share all that information for free when someone else will take all
the credit. There is also the "avoiding talking about problems that
impact them".

>And what about practical applications of those concepts ? Implement the
>OpenSSL API, in a simple client/server model ?

In March, you commented [1] that "Unlike, OpenSSL we do not support
weak ciphers".

>And how many can explain the technical details behind Heartbleed :p ?

How many servers in Mauritius were affected by Heartbleed?

Regards,
S. Moonesamy

1. http://lists.elandnews.com/archive/mauritius/internet-users/2015/03/0096.html
Received on Sun Nov 01 2015 - 09:52:13 PST
