Michael Dillon allegedly said:
> Let me grind my axe a little bit more then.
> If there is no source code to examine, then how do you know whether it's
> true or not? Reverse engineering isn't the answer because it can be
> difficult to extrapolate the higher level function of a piece of machine
> language code. Even the guy making the claims said that the reverse
> engineering only "seemed" to point to a backdoor. And not knowing the
> skill level of the reverse engineer and not having access to the source
> code, how can we figure out who is right?
> Full source code disclosure is the only way, IMHO.
The source/no_source debate is an entertaining way to waste some time.
But let's not lose sight of the fact that it is indeed a waste of
time. The choice of what firewall to use clearly depends on many
factors -- how much money is available, how much security is desired,
the quality of in-house expertise, the current hardware/software/
network environment, the value of what is being protected, and so on.
There are many places in that space where a commercial firewall with
no source is a reasonable choice.
Kent Crispin "No reason to get excited",
gov the thief he kindly spoke...
PGP fingerprint: B6 04 CC 30 9E DE CD FE 6A 04 90 BB 26 77 4A 5E