Software flaws don't negate "many eyes" in open source

The allegations from Greg Perry regarding backdoors allegedly placed within OpenBSD about a decade ago seem to be shifting more and more into the realm of fantasy as each day goes by.

To date, Perry has not responded to my inquiry regarding his Dec. 11 e-mail to OpenBSD founder Theo de Raadt, nor to my knowledge has he responded publicly anywhere else. Meanwhile, the two (or three, depending on how you count it) people named in Perry's message to de Raadt as parties to this supposed backdoor activity, Scott Lowe and Jason Wright, have denied their involvement--the latter within the same [openbsd-tech] thread that started all this.

Since no one has heard any more from Perry, I will decline to speculate why he made these accusations, except to note that sometimes silence can speak volumes, and this may indeed be one of those instances.

While the accusations fly, de Raadt has indicated at least to one media outlet that an audit of this part of the OpenBSD code has found some bugs.

"We've been auditing since the mail came in! We have already found two bugs in our cryptographic code. We are assessing the impact. We are also assessing the 'archeological' [sic] aspects of this," de Raadt told iTWire.

It is not clear whether these bugs would allow the insertion of a backdoor or sideways entry-point into an OpenBSD system, nor if, based on de Raadt's statements to iTWire's Sam Varghese, these are the only bugs in this part of OpenBSD.

My colleague Glyn Moody tapped on any possible existence of such bugs in OpenBSD--planted or not--as a fundamental problem with one of the core tenets of free and open source software (FLOSS) development:
