[dns-operations] CVE 2015-8000 actively exploited yesterday

David C Lawrence tale at akamai.com
Thu Dec 17 08:05:05 UTC 2015


Paul Vixie writes:
> i knew one thing for sure, which i made into an unbreakable law for
> the bind9 team: no remote code execution errors. robert halley then
> offered an eiffel-styled assertion syntax, which was then used
> everywhere:

"Design by contract."  As one of that team, personally I think it was
a good call and still think of it as one of Bob's excellent design
decisions.

It is not without an occasional flaw that you can rationally blame it
for causing a crash that would not otherwise have been a problem (as
seen in one recent CVE), but on balance it is very successful for
constraining assumptions and ferreting out genuine problems.



More information about the dns-operations mailing list