
Don't have all my sources on hand, but the last time I looked into this the general conclusion I came to was that there's evidence to suggest that someone was in fact paid to put vulnerabilities into the IPSec stack of OpenBSD. But there was no evidence to suggest that those vulnerabilities ever got written or, if they were written, that they ever made it into the source tree.

I believe OpenBSD conducted an audit of their tree when rumours of an IPSec backdoor started and didn't find anything alarming.



Pretty ancient stuff to bring up, especially in this context. Here's the last denial I recall by one of the people accused of planting backdoors in OpenBSD. Note the date.

https://www.itworld.com/article/2744922/open-source-tools/op...


Sorry to indulge in tin foil hattery. But this all seems inconclusive. Has there been an independent audit of the components involved?


Following up my own question. Just read the security and audit details on the OpenBSD page.

https://www.openbsd.org/security.html

It appears that there is a continuous audit of source code. So, even if a malicious hole was planted, it ought to be discovered in the years of repeated auditing. Cheers to OpenBSD!


Yes, it is the best OS for security, and the audits have gone on for the duration of the project.



