Great Circle Associates Firewalls
(October 1997)
 


Subject: Re: sex, lies, and firewall code
From: Anton J Aylward <anton @ Toronto . com>
Date: Mon, 20 Oct 1997 23:31:29 -0400
To: Bill Stout <stoutb @ pios . com>, firewalls @ GreatCircle . COM

At 02:23 PM 20/10/97 -0700, Bill Stout wrote:
## Reply Start ##
>
>Firewall code:
>A question was asked about the trustability of binary code (executables)
>where no one outside the company could review source code.  Answer: You
>can't.  You must blindly trust the company to secure the code up to and
>through compile.  If you're a government or 'national infrastructure'
>entity, it's a much deeper question on who you can trust.
>
>The improved techniques a firewall uses can be peer reviewed, and if a
>technique does not pass muster via peer review, it ain't an improvement.

Doesn't TIS espouse a 'Crystal Box' policy for Gauntlet, whereby they
supply the source code?  Doesn't this allow people outside the company
to review it?

Or was I thinking of another hotly debated issue on this list a while back?

/anton - who knows better than to argue with the likes of FA or MJR over
	    firewall issues.

## Reply End ##
