Estimate for the total number of exploitable bugs in a large Linux distro?

Ryan Carboni ryacko at gmail.com
Sat Jul 15 19:28:26 PDT 2017


https://arstechnica.com/security/2016/09/linux-kernel-security-needs-fixing/

Based on the number of concurrent discovered bugs, at least a few.
Statistical techniques won't work when it is only discovered bugs.

https://en.wikipedia.org/wiki/Selection_bias

But the fact that severe bugs are in a distro for over a year makes it
irrelevant how many there are. A systematic effort to search for bugs and to
anonymously create honeypots is needed.

Arguably the best technique would be to reuse Tor directory server private
keys as bitcoin addresses for a crowdsourced bug bounty effort.