Remix.run Logo
trashb an hour ago

One bug found is a testament to the great diligence and culture around security of OpenBSD. Especially if you take into account the amount of resources they have been able to achieve this with.

gnoack a few seconds ago | parent | next [-]

+1

It is also a testament to solid engineering and attention to good security practices in general. These still work, also against fancy new AI attackers.

When sophisticated attacks become cheaper to run, maybe it will (finally) be cheaper to do more solid engineering instead of being in indefinite bug-squashing mode.

beanjuiceII 32 minutes ago | parent | prev | next [-]

one bug is all it takes

bell-cot 9 minutes ago | parent | next [-]

In theory.

But real defenses are generally multi-layered. And in that context, a Swiss cheese slice with only one hole is still extremely valuable.

JCattheATM 3 minutes ago | parent [-]

Well, that's where OpenBSD falls short, it lacks facilities to really enforce defense in depth - even NetBSD has some better features in this regard.

Analemma_ 22 minutes ago | parent | prev [-]

LPEs do need to be fixed, but for most people it's not a threat model they need to worry about.

sunshine-o an hour ago | parent | prev [-]

Exactly, the entire AI industry has been trying to create an AI powered security arm race. I am not necessarily blaming them.

Hard to know how much has been thrown into this but I would bet a lot.

So far I have been very surprised we haven't been flooded by those type of announcements. If you look you will always find something and OpenBSD is the top price.

cratermoon 11 minutes ago | parent [-]

They are throwing tokens at codebases and finding mostly vulnerabilities in cases that have not been worth the limited time and effort of the chronically underfunded and understaffed professional groups. There’d be a lot more value in the companies giving the money they spend on their synthetic text extruders to the organizations doing quality security research work.