> On the other, do we really need such a thing in order to prove that
> Daniel J. Bernstein writes better, safer code than Lennart Poettering?

No, but we also don't need a double-blind study to show that the average programmer's approach to security is a lot closer to Poettering's than djb's. (I say this as a compliment to djb, not a dig at Poettering.)

It seems obvious that there would be at least a weak correlation between LoC and attack surface, if only because the code that makes up the attack surface contributes to LoC. I'd need to see some substantial evidence to believe the claim that the coefficient is <= 0.

> The *form* of
> the attack was tailored to that specific dependency chain, but the
> reason why systemd and XZ were attacked and exploited is because they
> exist. If that dependency chain did not exist, if systemd were better
> designed, then the attack would have taken a different form, one
> tailored to that reality instead of ours.

Okay, but that goes for all attacks. If the WebP vulnerability didn't exist, then people would have exploited iPhones using some other vulnerability instead. This is unrelated to the fact that the WebP vulnerability wouldn't have occurred if not for some bad choices made in libwebp.

Similarly, patching sshd to add new runtime dependencies is a bad idea, and the people who did that should know better. It's true that the same social and technical techniques that were used to insert the XZ backdoor could hypothetically have been applied to a different runtime dependency of sshd. This still doesn't absolve anyone of blame, or make it unreasonable to say that systemd played a part in making the XZ attack possible. If you want to qualify that statement with "in this reality," that's okay with me, but I think most people interpret most statements with that qualification implicit.

-Ben

_______________________________________________
Discuss mailing list
Discuss@driftwood.blu.org
https://driftwood.blu.org/mailman/listinfo/discuss