In a previous life I wrote the software that controlled my physics experiments. That software had to deal with all kinds of possible failures in equipment. That is probably where I learned to rely on multiple safety nets inside and around my systems.

Wietse Venema

This will surprise some of your readers, but my primary interest is not with computer security. I am primarily interested in writing software that works as intended.

Wietse Venema

At the time the Sendmail program had a very poor reputation with respect to security, with four root vulnerabilities per year for two successive years.

Wietse Venema

Like all software, Qmail can survive only when it keeps up with changing requirements.

Wietse Venema

The challenge with Postfix, or with any piece of software, is to update software without introducing problems.

Wietse Venema

My reply is: the software has no known bugs, therefore it has not been updated.

Wietse Venema

One bug in an SMTP server can open up the whole machine for intrusion.

Wietse Venema

However, writing software without defects is not sufficient. In my experience, it is at least as difficult to write software that is safe - that is, software that behaves reasonably under adverse conditions.

Wietse Venema

The Postfix security model is based on keeping software simple and stupid.

Wietse Venema

I don't expect an overnight change of all desktops to what the US Military used to call B3 level security. And even that would not stop users from shooting themselves into the foot.

Wietse Venema