Another X.Org Security Bug Found, Dates Back To 1991


  • #1

    Phoronix: Another X.Org Security Bug Found, Dates Back To 1991

    Another X.Org Security Advisory had to be publicly issued today to make known a buffer overflow in an X.Org library that has been present in every X11 release since X11R5; the code was completed way back in 1991...

  • #2
    Someone should track records for longest-running security bugs in X. 23 years sounds about right for the current record



    • #3
      I can just imagine how much shit is going around and swimming and singing inside Xorg's source code...



      • #4
        "given enough eyeballs, all bugs are shallow"



        after some time...



        • #5
          Originally posted by michal View Post
          "given enough eyeballs, all bugs are shallow"



          after some time...

          There weren't enough eyeballs because most people who dare to look at the abomination of the X source code tend to go blind (and clinically insane) very quickly. Note that it was an automated tool that found the bug.



          • #6
            X.Org: Constantly being improved.



            • #7
              Originally posted by michal View Post
              "given enough eyeballs, all bugs are shallow"



              after some time...
              "In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate.[4] While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs".".



              • #8
                Originally posted by Sergio View Post
                "In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate.[4] While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs".".
                Of course, the authors making such a claim are from Microsoft.



                • #9
                  Originally posted by johnc View Post
                  X.Org: Constantly being improved.
                  Just loved your comment. Now updating my X.org..........



                  • #10
                    Originally posted by Sergio View Post
                    "In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate.[4] While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs".".
                    Both Linus's and Microsoft's conclusions are logically flawed.
                    Open Source has more eyeballs, but each project is different, the code is different and the project members are different. Case in point - I wanna kill a few Qt devs because they're so nitpicky about the code I wanted to contribute.
                    Whether the code is open or closed source doesn't make it "better" in any way, not even security-wise; there are always half-truths that you can pick to support either claim. It's just like those idiots who say "(all) women are bla-bla" or those idiot women who say "(all) men are bla-bla", and in each case pick only the facts that support their views. Democrats vs republicans, etc., typical logical crap.
