At 02:23 PM 20/10/97 -0700, Bill Stout wrote:
## Reply Start ##
>A question was asked about the trustability of binary code (executables)
>where no one outside the company could review source code. Answer: You
>can't. You must blindly trust the company to secure the code up to and
>through compile. If you're a government or 'national infrastructure'
>entity, it's much deeper question on who you can trust.
>The improved techniques a firewall uses can be peer reviewed, and if a
>technique does not pass muster via peer review, it ain't an improvement.
Doesn't TIS espouse a 'Crystal Box' policy for gauntlet, whereby they
supply the source code? Doens't this allow people outside the company
to review it?
Or was I thinking of another hotly debated issue on this list a while back?
/anton - who knows better than to argue with the likes of FA or MJR over
## Reply End ##