FreeBSD Transient Memory problem?

My Email jonathon.s.wright at gmail.com
Thu Sep 12 17:40:21 UTC 2013 

I hear ya, except they (the team) has successfully played the fallacy of 'shifting the burden of proof' to our management. I've argued that to them already but they refuse to put the burden of proof back on the inspection team.

...So now its up to me to prove FreeBSD does not have this issue when it should be up to them to prove FreeBSD does.

I kinda figured it was not a battle that I'm supposed to win, since the problem they've presented cannot be proven true or false without more info. The only info I have is what was posted in the forums though.

Will update if new details unfold.

JW

On Sep 12, 2013, at 4:49 AM, Julian Elischer <julian at freebsd.org> wrote:

> On 9/12/13 8:15 AM, Jonathon Wright wrote:
>> All,
>> 
>> I have posted this question (username-scryptkiddy) in the forums:
>> http://forums.freebsd.org/showthread.php?t=41875
>> but was suggested to bring it here to the mailing list for discussion.
>> 
>> Basically, FreeBSD 8.3 (64bit) is what we use in our shop. We were
>> inspected by a security team and they had issues with FreeBSD's memory
>> management.
>> 
>> Namely the transient memory and object reuse areas of FreeBSD. They claimed
>> that FreeBSD did not have a Common Criteria (EAL1-4) evaluation completed,
>> and therefore was vulnerable to the Transient memory problem.
>> 
>> Our higher ups need some sort of documentation / testing  that can be used
>> to counter this, since changing Operating Systems is not something we have
>> time / manpower to do, but might have too based on this supposed 'finding'.
>> 
>> The post has all the details. Let me know I need to repost in this as well.
> 
> Pretty much all they've proved to me is that they have no idea of what they are talking about.
> You need to ask them for a better description of the problem as so far all you've
> seen is about a hundred computer science professionals rolling around on the floor
> laughing when you showed them the paragraph from the report..
> 
> and you can quote me on that one.
> 
>> 
>> JW
>> _______________________________________________
>> freebsd-security at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>> 
>

More information about the freebsd-security mailing list