On Thu, 27 Apr 1995, Andrew Molitor wrote:
> Here's a simple quick question, the answer to which will vary
> from person to person. Why do you want the source for your security tools?
In our experience, we've had to make a number of modifications to
existing tools and packages before they fit into the environment here.
Having the source makes that possible. The alternative is to pay someone
else who has the source to make modifications according to our
specifications and experience. While that is certainly possible, and has
been and continues to be done for software we don't install and support
directly, the source is indeed valuable.
In our view, "security tools" aren't just limited to firewall software
and auditing systems. The entire of what runs on our external interfaces
constitutes our security perimeter, from the NNTP daemons on the Usenet
machines to the reception system code members run on their PCs to
access the Prodigy service. Having source code makes it easier to
provide exactly what we need to implement the service at all levels.
On a similar note, we run at least one operating system here (non-Unix)
which is only available as source. Since it's a relatively uncommon
product, and this particular application (running an online service) is
not what that OS was really designed for, having the source makes sense
from an operational and business perspective.
"Outside of a dog, a book is a man's best friend;
inside of a dog, it's too dark to read." -- Groucho Marx
Re: TRUST US
From: amolitor @
com (Andrew Molitor)