|
Message-Id: <E1XbsC5-0000nw-Rz@rmm6prod02.runbox.com> Date: Wed, 08 Oct 2014 10:26:21 -0400 (EDT) From: "David A. Wheeler" <dwheeler@...eeler.com> To: "stephane.chazelas" <stephane.chazelas@...il.com> CC: "oss-security" <oss-security@...ts.openwall.com> Subject: Stéphane Chazelas: How *DID* you find Shellshock? This is a question for Stéphane Chazelas, but I'm "cc"ing oss-security because I think many of us want to know the answer. Stéphane: How *DID* you find Shellshock, in as much detail as you can recall? I'm told you found the bug after "reflecting on an earlier bug" you found in bash "a few months earlier." (http://www.smh.com.au/it-pro/security-it/stephane-chazelas-the-man-who-found-the-webs-most-dangerous-internet-security-bug-20140927-10mixr.html) What I'm hoping is that we can learn some lessons and re-apply them elsewhere. --- David A. Wheeler
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.