Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Well, it's been a while with no security issues, hasn't it? That's mostly how software ends up being considered secure.


No, I think having a high quality secure design and a security audit by examining code is how software is considered secure. OpenBSD audits every line of code that it ships, and the last remote root exploit I could find was 2007. DJB's stuff (qmail, djbdns) are designed to be secure from the ground up, and I believe are considered to be secure. (Opinions vary about other aspects of his stuff, though.) "It's been a while since I heard of a virus on Mac OS" is how Mac OS is often considered secure, yet the list of remote exploits is rather large [2], compared to OpenBSD's (exploit-db.com doesn't even know of the 2007 one, but Mac OS has more remote exploits than OpenBSD has local explots [3]!)

[1] http://www.coresecurity.com/content/open-bsd-advisorie [2] http://www.exploit-db.com/remote/?p=osX [3] http://www.exploit-db.com/platform/?p=openbsd


Have you actually seen the OSX exploits listed? It's to do with .exe binaries or Internet Explorer that has nothing to do with OSX.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: