ATTN: You keep hearing how great but don't believe it.

Posted August 9, 200816 yr

From: Linus Torvalds <torvalds <at> linux-foundation.org>

Subject: Re: [stable] Linux 2.6.25.10

Newsgroups: gmane.linux.kernel

Date: 2008-07-15 16:13:03 GMT (3 weeks, 4 days, 6 hours and 17 minutes ago)

On Tue, 15 Jul 2008, Linus Torvalds wrote:

> So as far as I'm concerned, "disclosing" is the fixing of the bug. It's

> the "look at the source" approach.

Btw, and you may not like this, since you are so focused on security,

one reason I refuse to bother with the whole security circus is that I

think it glorifies - and thus encourages - the wrong behavior.

It makes "heroes" out of security people, as if the people who don't

just fix normal bugs aren't as important.

In fact, all the boring normal bugs are _way_ more important, just

because there's a lot more of them. I don't think some spectacular

security hole should be glorified or cared about as being any more

"special" than a random spectacular crash due to bad locking.

Security people are often the black-and-white kind of people that I

can't stand. I think the OpenBSD crowd is a bunch of masturbating

monkeys, in that they make such a big deal about concentrating on

security to the point where they pretty much admit that nothing else

matters to them.

To me, security is important. But it's no less important than everything

*else* that is also important!

Linus

Download the Open Source Security Study Today. Fortify's Open Source

Security Study reveals that the most widely-used open source software

packages for the enterprise are exposing users to significant and

unnecessary business risk. Download this ground-breaking study and learn

how:

Open Source Software (OSS) development communities have yet to adopt a

secure development process and often leave dangerous vulnerabilities

unaddressed Nearly all OSS communities fail to provide users access to

security expertise to help remediate

Quote

Featured Replies