thus Robert Moskowitz spake: > Timo Schoeler wrote: >> thus Eero Volotinen spake: >> >>>> Probably not, or someone would have found them in the last five years. >>>> >>> Probably yes, it's hard to security audit complex software packages. >>> >> Yes; my bet would be that OpenBSD's smtpd will be the most secure MTA >> (when it hits the streets for production). That does NOT mean that it is >> scalable (well, yet to prove). >> >> >>>>> At least I don't want to run software with poor security track on my >>>>> public servers. >>>>> >>>> So you don't run the Linux kernel? Wade through the changelog sometime. Or >>>> BIND? it is unrealistic to think large software packages don't have bugs or >>>> that they won't be found and fixed over time. >>>> >>> I usually prefer softwares with good security track. Anyway kernel is >>> not usually exposed directly to internet, >>> >> An IP stack which is part of the kernel *is* (more or less) directly >> exposed to the internet as long as there's the appropriate cable >> connected to that machine. > > I am working on Smart Grid and am hearing talk about we can secure the > Smart Grid with Layer 2 security and we are done. ARGH!!!! I gave a > presentation on this at the 802 meeting last week. Sometimes I feel like > I am beating on mush... Ah, you're talking of 802.1x? Nothing funnier than marketing guys telling you how to secure and run your network. ;) Timo