Subject: Re: FreSSH
To: John Nemeth <jnemeth@victoria.tc.ca>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: current-users
Date: 03/08/2002 00:45:02
jnemeth@victoria.tc.ca (John Nemeth) writes:

>      When you consider all the squawking that the OpenBSD crowd does
> about why their code is so secure because they audit it amongst other
> things, I want it to not have the bugs.  SSH is an extremely important
> security related application.  It shouldn't have security holes.

I'm always stunned that people can write what they consider to be
security-important code in a language with as many safety pitfalls as
C. While [Open]SSH has had a handful of logic vulnerabilities, there
have also been quite a few bounds-check vulnerabilities of the kind
that language designers have known how to avoid for nearly thirty
years.

        - Nathan