| Bad reasons to trust code: * “Many __informal__ eyes have probably looked at it” * Lack of recent __number__ of (known) vulnerabilities * “Serious guys” (appeal to authority) I think you’re using short-hand, but perhaps the short-hand should be different. E.g. * A list of audits by date, independent organization, is provided __here__ which is evidence of review * The vulnerability acknowledgement, correction and release process is prompt, accurate and detailed, which is documented __here__ * XYZ coding, testing, fuzzing, proving, bounty, integration with other systems, documentation, defaults etc. practices are used in the interest in hardening the code, limiting moving parts, attack radius, etc. |
Yes I was using short-hand.
Because you're the only one here trying to make the stupid argument that OpenSSH code is somehow not trustworthy.
Frankly, if you don't trust OpenSSH code for the reasons you suggest, then you should not be trusting any Operating System, whether BSD, Linux, Mac or Windows.
As I said, OpenSSH is used extensively, INCLUDING in security-critical environments, the sort of security-critical environments that you can be sure have done their homework, even if they don't publish it.
The simple fact of the matter is this:
Given the widespread global deployment of OpenSSH for DECADES now, if there were shortcomings in the code, you would have heard of it because we would be seeing BILLIONS of compromised endpoints.
Fact is, there aren't, unless you haven't bothered to update your system in the last decade.
So you can talk about fuzzing or whatever until you are blue in the face, but widespread global deployment is hard to beat, because that's REAL WORLD, failed attempts at finding zero-day exploits and all !