
To assume that the people behind OpenBSD put protections against that into their C programs is one of the less wild assumptions to entertain.



On the contrary, without reviewing the code you call, that is the worst possible assumption you could entertain.

But hey, why bother reviewing the code you call, the docs say that it is secure and that makes it so, right?


Calm down, Jack. I wrote that it's one of the less wild assumptions: not that it's a reasonable assumption.

To trust OpenBSD's code with regard to security is more of a safe bet than trusting a lot of other organizations' code. But of course, that's a relative statement: maybe it's still a horrible assumption.


I'm pretty calm, it's just that I think that a reputation-based approach to security is a bad one, especially because it creates a blind spot.



