Firewalls: Re: Having the source code

Firewalls
(April 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Having the source code
From:	joshua geller <alkahest!joshua @ dee . retix . com>
Date:	Sat, 29 Apr 1995 12:15:31 -0700
To:	kovar @ NDA . COM
Cc:	smith @ sctc . com, firewalls @ GreatCircle . COM, smith @ sctc . com
In-reply-to:	<199504282220 . SAA15491 @ nda . nda . com> (message from David Kovar on Fri, 28 Apr 1995 18:20:29 -0400 (EDT))

>     How many operators of firewalls have both the time and the
>   expertise to truly understand several thousand lines of someone
>   else's source code? It may give you a warm fuzy feeling to have
>   it, but unless you're going to take the time to go over it
>   line by line and verify it, is it really going to help you?

applications that are either nonproprietary or GPL'ed or otherwise
supplied with source, especially popular applications, tend to have
a large number of people picking through the code. sometimes hundreds
or thousands. so bugs get discovered much faster, patches are generated
much faster, and it is a matter of patching and recompiling to fix the
bug even if you have not been actively hunting for them yourself. 

josh

References:

Re: Having the source code
From: David Kovar <kovar @ NDA . COM>

Indexed By Date	Previous:	Re: Having the source code From: Quentin Fennessy <Quentin . Fennessy @ SEMATECH . Org>
Indexed By Date	Next:	Re: TRUST US From: patrick @ oes . amdahl . com (Patrick Horgan)
Indexed By Thread	Previous:	Re: Having the source code From: David Kovar <kovar @ NDA . COM>
Indexed By Thread	Next:	Re: Having the source code From: cmcurtin @ clipper . cb . att . com