On Fri, Dec 24, 2021 at 7:50 AM Bryan Kilgallin <kilgal...@iinet.net.au> wrote:
>
> The comment against open-source DOS is at the end of this discussion.
> See after 26 minutes.
<...>

The concern I see is "legacy" code. There are millions of lines of legacy code in production. They were tested and debugged, and considered bug free.

So you get things like the problems with "bind" years back, where bad actors found a vulnerability they could use to compromise systems. The threats resulting did not exist when the bind code was written, and it got incorporated into an enormous number of things.

The Log4J vulnerability is another example. Almost no programs are self-contained now. Just about everything uses libraries, which are *intended* to promote code reuse. Log4J got incorporated into huge numbers of Java projects.

So everyone faces the issue of fully understanding all of the parts that make up their application, with what library functions are called, and the practical impossibility of doing a full security audit on all of it. (Open source is one thing, but what if there is proprietary code you can't get source for to do the audit? And no, proprietary code will not go away in favor of open source. Tough. Deal. And it assumes you are *competent* to perform a full security audit. Odds are, you aren't.)

Things will get fixed when someone *breaks* them. Till then, everyone has other things to do.

I'm aware of the Log4J vulnerability, but did not (and won't) watch the video. I can *read* far faster than I can watch, and my scarce resource is time.

But that said, I don't *care* that the chap on the video suggested DOS should go away. I'm a little surprised other folks do care. DOS, in both commercial and open source versions, is still in use, and isn't going away. It won't go away till folks stop using it. His opinion is simply irrelevant.

______
Dennis

_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user