[CentOS] bounties for exploits against CentOS?

Bennett Haselton bennett at peacefire.org
Tue Jan 17 18:13:51 UTC 2012


On 1/17/2012 9:25 AM, Les Mikesell wrote:
> On Tue, Jan 17, 2012 at 11:12 AM, Bennett Haselton
> <bennett at peacefire.org>  wrote:
>> Pretty much all software testing is predicated on this notion -- that as
>> you find and fix more bugs (of any kind, not just security bugs),
>> eventually the mean time to find the next bug should get larger.
>> Otherwise, what's the point, if at the end of all your testing and
>> fixing, users keep running into bugs at the same frequency as before?
> Look though the changelogs of any major application or the kernel
> itself.  See if it looks like the world is running out of bugs.
>

Well, if the software itself is constantly being modified in other ways 
(addition of new features) then of course you'll never run out of new 
bugs either :) But even for software where the features are frozen, bugs 
in a given category should eventually get harder to find, and/or should 
be less severe than at the beginning of the cycle (which seemed to be 
the case whenever I worked in testing).

If this were not the case, then what would even be the point of doing 
any testing and bug-fixing at all?  Unless you expect that eventually 
the remaining bugs become rarer or less severe.

Bennett
