Re: bounties for exploits against CentOS?




On 1/17/2012 9:25 AM, Les Mikesell wrote:
> On Tue, Jan 17, 2012 at 11:12 AM, Bennett Haselton
> <bennett@xxxxxxxxxxxxx>  wrote:
>> Pretty much all software testing is predicated on this notion -- that as
>> you find and fix more bugs (of any kind, not just security bugs),
>> eventually the mean time to find the next bug should get larger.
>> Otherwise, what's the point, if at the end of all your testing and
>> fixing, users keep running into bugs at the same frequency as before?
> Look through the changelogs of any major application or the kernel
> itself.  See if it looks like the world is running out of bugs.
>

Well if the software itself is constantly being modified in other ways 
(addition of new features) then of course you'll never run out of new 
bugs either :) But even for software where the features are frozen, bugs 
in a given category should eventually get harder to find, and/or should 
be less severe than at the beginning of the cycle (which seemed to be 
the case whenever I worked in testing).

If this were not the case, then what would even be the point of doing 
any testing and bug-fixing at all?  Unless you expect that eventually 
the remaining bugs become rarer or less severe.

Bennett
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

