Probably not, or someone would have found them in the last five years.
Probably yes, it's hard to security audit complex software packages.
At least I don't want to run software with a poor security track record on my public servers.
So you don't run the Linux kernel? Wade through the changelog sometime. Or BIND? It is unrealistic to think large software packages don't have bugs or that they won't be found and fixed over time.
I usually prefer software with a good security track record. Anyway, the kernel is not usually exposed directly to the internet, but some server software is directly exposed.
-- Eero