Estimate for the total number of exploitable bugs in large linux distro?
Georgi Guninski
guninski at guninski.com
Sat Jul 15 01:54:44 PDT 2017
On Fri, Jul 14, 2017 at 10:22:32AM -0400, John Newman wrote:
> Bugs that already have some PoC or other code to exploit the issue? Or
> the sum total of all exploitable bugs, discovered and undiscovered?
>
> The first case should be relatively small with a very current
> release.. the second case obviously could be different.
>
I meant all bugs, including the unknown.
> >
> > Also, does the total number decrease, increase or change in other way
> > over time?
>
> Without patching, discovered bugs will increase over time. The actual
> number of bugs stays the same of course (again, without patching).
>
> Obviously you're a fool if you don't maintain your software...
>
Even with patching, adding new code introduces new bugs, and versions
change relatively often in general.
There is some discussion on the oss-security mailing list, especially a
short paper by Dan Geer.