by afhsfsfdsss88 4484 days ago
Can we all finally accept the fact that what is most needed now is not a new whizbang but a comprehensive review of all of the core pieces of software that we depend on as a base for making new whizbangs?

How many critical and ancient bugs still remain undiscovered?

Every day there is a new Telegram, Cryptocat, etc., all presumably being constructed on top of insecure libraries. What progress can we make with such shaky foundations?

There has been word that the Linux kernel devs are considering slowing new feature adoption for a time while focusing on bug discovery and elimination.

PLEASE, EVERYONE ELSE CONSIDER DOING THE SAME.

1 comment

At a minimum, commonly used security packages should be reviewed, and OS distribution maintainers should commit to updating to the latest versions of said packages regardless of the age of the OS.

For example, Ubuntu 12.04 LTS uses an older version of OpenSSH and OpenSSL. There should be no reason why Ubuntu (and others) can't commit to updating to the latest versions so that features in, say, OpenSSH 6.5p1 are available. BTW, saying that you can compile and install this yourself is noted beforehand, but honestly, how many people do that on a regular basis?

What I'm getting at is that security software can and should be held to a higher and current standard precisely because it affects so many other pieces of software in fundamental ways. It's not a big deal if the latest version of bc is not installed but it sure is if GnuTLS or OpenSSL is broken.