1. 5
    NTPsec dodges 8 of 11 CVEs because we’d pre-hardened the code (2016) c networking practices security esr.ibiblio.org
    duncan_bayne avatar via duncan_bayne 2 years ago |
    Archive.org Archive.today Ghostarchive
    | 5 comments
    1. 2
      zie avatar zie edited 2 years ago | link

      Published 2016-05-04

      How is this relevant today?

      Note: ntpsec is apparently still alive here: https://gitlab.com/NTPsec/ntpsec

      1. 1
        duncan_bayne avatar duncan_bayne 2 years ago | link

        Because their approach to hardening - simplifying, and removing code - is timeless.

        I posted the article for that, not because I thought that five year old NTPsec news is particularly relevant :)

        1. 1
          zie avatar zie 2 years ago | link

          I agree simplifying and removing code is timeless.

          1. 2
            zk avatar zk 2 years ago | link

            I think it’s pretty hard to argue against that… (No?)

            1. 3
              duncan_bayne avatar duncan_bayne 2 years ago | link

              I’ve not seen it argued against, but I have seen it passed over or ignored as a viable strategy.