Door Anoniem: Wat stel je voor dan? De Linux kernel alleen al, had vorig jaar meer dan 2500 CVE's. Dat komt hierdoor: Note, due to the layer at which the Linux kernel is in a system, almost any bug might be exploitable to compromise the security of the kernel, but the possibility of exploitation is often not evident when the bug is fixed. Because of this, the CVE assignment team is overly cautious and assign CVE numbers to any bugfix that they identify. This explains the seemingly large number of CVEs that are issued by the Linux kernel team. https://docs.kernel.org/process/cve.html OpenBSD pakt al heel lang security aan door domweg bugs op te sporen en te repareren, zonder zich zorgen te maken over de vraag of het nou wel of geen security issue is, dat ontdek je namelijk typisch pas later dan de bug zelf: Our security auditing team typically has between six and twelve members who continue to search for and fix new security holes. We have been auditing since the summer of 1996. The process we follow to ...