
Thread: Another X.Org Security Bug Found, Dates Back To 1991

  1. #1 (Join Date: Jan 2007, Posts: 15,133)

    Another X.Org Security Bug Found, Dates Back To 1991

    Phoronix: Another X.Org Security Bug Found, Dates Back To 1991

    Another X.Org Security Advisory had to be publicly issued today to make known a buffer overflow in an X.Org library that's been present in every X11 release from X11R5 and the code was completed way back in 1991...

    http://www.phoronix.com/vr.php?view=MTU2Mjg

  2. #2 (Join Date: Sep 2008, Location: Vilnius, Lithuania, Posts: 2,601)

    Someone should track records for longest-running security bugs in X. 23 years sounds about right for the current record.

  3. #3 (Join Date: Mar 2008, Posts: 575)

    I can just imagine how much shit is going around and swimming and singing inside Xorg's source code...

  4. #4 (Join Date: Nov 2010, Posts: 78)

    "given enough eyeballs, all bugs are shallow"

    http://en.wikipedia.org/wiki/Linus's_Law

    after some time...

  5. #5 (Join Date: Dec 2011, Posts: 74)

    Quote Originally Posted by michal View Post
    "given enough eyeballs, all bugs are shallow"

    http://en.wikipedia.org/wiki/Linus's_Law

    after some time...

    There weren't enough eyeballs because most people who dare to look at the abomination of the X source code tend to go blind (and clinically insane) very quickly. Note that it was an automated tool that found the bug.

  6. #6 (Join Date: May 2011, Posts: 1,560)

    X.Org: Constantly being improved.

  7. #7 (Join Date: Feb 2012, Posts: 253)

    Quote Originally Posted by michal View Post
    "given enough eyeballs, all bugs are shallow"

    http://en.wikipedia.org/wiki/Linus's_Law

    after some time...

    "In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate.[4] While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs"."

  8. #8 (Join Date: Feb 2012, Posts: 253)

    Quote Originally Posted by Sergio View Post
    "In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate.[4] While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs"."

    Of course, the authors making such a claim are from Microsoft.

  9. #9 (Join Date: Jul 2013, Location: Brasil, Posts: 101)

    Quote Originally Posted by johnc View Post
    X.Org: Constantly being improved.

    Just loved your comment. Now updating my X.org..........

  10. #10 (Join Date: May 2012, Posts: 868)

    Quote Originally Posted by Sergio View Post
    "In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate.[4] While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs"."

    Both Linus's and Microsoft's conclusions are logically flawed.
    Open Source has more eyeballs, but each project is different, the code is different and the project members are different. Case in point: I wanna kill a few Qt devs because they're so nitpicky about the code I wanted to contribute.
    Whether the code is open or closed source doesn't make it "better" in any way, not even security-wise; there are always half-truths that you can pick to support either claim. It's just like those idiots who say "(all) women are bla-bla" or those idiot women who say "(all) men are bla-bla", and in each case pick only the facts that support their views. Democrats vs. Republicans, etc.: typical logical crap.
