> If you do such review, what do you look for? Are you looking
> for trojans? Checking coding style for general quality? Understanding
> the underlying algorithms? Doing line-by-line inspections for
> correctness?
I keep an eye out for trojans, but mostly I'm looking to understand how
the software works. Not so much underlying algorithms, but overall organization
and data flow. I may not actually go through the source in *detail* until I
run into a problem: maybe I misunderstand the documentation, maybe the
documentation is unclear, maybe the documentation doesn't match the code,
maybe I'm trying to do something unanticipated. Whatever it is, I need to
plow into the source and figure out *why* it does what it does.
More often, though, the source is simply a reserve, a hedge against the loss
of the vendor.
--
Peter da Silva `-_-'
Network Management Technology Incorporated 'U`
1601 Industrial Blvd. Sugar Land, TX 77478 USA
+1 713 274 5180 "Har du kramat din varg idag?"