Thank you Rick!
I was wondering where all these top line security people got the time to tinker with source code. I barely have the time to do what I am supposed to do here and keep up with the general drift of the list.
As far as I am concerned I would rather NOT have source code available for the products I buy. It gives me an extra two hours against the hackers.
Shalom Beracha VeTova
Rabbi Haim Cassorla
----------
From: Rick Romkey[SMTP:pokey @
maddie .
atlantic .
com]
Sent: Wednesday, October 16, 1996 4:44 AM
To: Todd Graham Lewis
Cc: michael @
memra .
com; firewalls @
GreatCircle .
COM
Subject: Re: Checkpoint -
>
> > If there is no source code to examine, then how do you know whether it's
> > true or not? Reverse engineering isn't the answer because it can be
> > difficult to extrapolate the higher level function of a piece of machine
> > language code. Even the guy making the claims said that the reverse
> > engineering only "seemed" to point to a backdoor. And not knowing the
> > skill level of the reverse engineer and not having access to the source
> > code, how can we figure out who is right?
> >
> > Full source code disclosure is the only way, IMHO.
>
> Seconded. Do I hear objection?
You know, ever since I have been on this list people keep claiming that
they need source code in order to be able to examine the security that
a firewall uses.
Do you really think this is a criteria that most purchasers of a security
product have? I don't. In fact, I don't think one customer has ever
asked me about source code availability, and I would argue that 95%
of the people out there don't care...
Comments?
-Rick
----------------------------------------------------------------------------
Rick E Romkey | A T L A N T I C | Internet
pokey @
atlantic .
com | Computing Technology Corporation | Specialists
(860) 667-9596 | http://www.atlantic.com/ |
-----------------------------------------------------------------------------
Follow-Ups:
-
RE: Checkpoint -
From: Todd Graham Lewis <lists @
reflections .
mindspring .
com>
|
|
