Bind-Efficientip

Ondřej Surý ondrej at isc.org
Mon Oct 21 16:22:06 UTC 2019


(This post is not related to EfficientIP specifically...)

The ratio of security vulnerabilities found by “code inspection” is really low nowadays. I would even say it’s nonexistent. This doesn’t apply only to BIND 9, but also other open source projects.

Most of the issues are found by using the product in non-expected ways. Open source gives you the ability to quickly fix the issue.

We, at ISC, greatly value transparency and we carefully evaluate every issue for potential security impact of every crash and other issues. Whether this makes BIND 9 more appealing or appalling to you is a thing you need to decide yourself.

I’ve been part of the open source community for more than 20 years now and I don’t ever remember where security by obscurity has ever improved the overall state of things, and both open source and proprietary software have seen their share of bugs. In the end, all we as software users can ask is to be treated fairly and honestly.

Ondřej 
--
Ondřej Surý — ISC

> On 21 Oct 2019, at 18:01, Kevin Darcy <kevin.darcy at fcagroup.com> wrote:
> 
> But, it's harder for the bad guys to find. They have to use fuzzing, reverse engineering, etc.



More information about the bind-users mailing list