What if you were taking a computer science course and a primary requirement is that you must discover 10 new security holes or you won't get a passing grade. Could you do it? Hard to say, right?
According to a post on the Bugtraq mailing list (thanks to Thor Larholm at PivX Solutions) there are 25 students in the class and all totalled they have discovered 44 new security holes in Unix platforms. Doing the math, that's about 206 discoveries short if everyone were to meet the passing requirements. At least one student said "After 300 hours of work and an A average on the exams, I expect to fail the course."
Nevertheless, finding 44 holes in Unix is quite an accomplishment and it does lead to more secure operating systems. Still somehow I find it troubling that the professor has made the assumption that there are 250 holes in Unix platforms for his students to discover.
How could he expect that to be true? It might be true, but what if it isn't? Then students fail the course! And if that turned out to be the case then who would have really failed?
End of Article
Doesn't look like the 25 students are required to come up with unique results.
If that is so then just 10 holes are theoretically enough to pass all students.
I read the item at Slashdot and it doesn't say they have to be unique among all classmates. I mean, in order for them to be unique, everyone would have to tell everyone else what they found. What happens if there is a tie? Or two people are testing the same one and one person simply submits it without testing as deeply as the second? All this really proves is that there are STILL plenty of holes in *nix OSes, even after all these years of open sores examination of the code... i mean, to hear the linux advocates put it, by now all this code should have been debugged 110%
Anonymous User December 31, 2004
You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor?
Register now
Should Your Email Live in the Cloud? This Forrester report shows how-to calculate your on-premise email costs and compare with cloud-based alternatives and offers best practices for reducing email costs.
New from Left-Brain.com - Manage VMware with PowerShell Learn how to perform everything from simple ad-hoc reporting at the command-line to complex scripts that automate a massive deployment of hundreds of virtual machines. Solve your old problems using less code than you thought possible!
Register
If that is so then just 10 holes are theoretically enough to pass all students.
Anonymous User December 22, 2004