On Mon, 19 Feb 2001, John Chambers wrote:
>
> The reason is simple and obvious. If you install binary software, you
> have no way of knowing what is hidden inside it. The programmers
> could have been paid by someone to install all sorts of trapdoors,
> and you'll only learn about it when it's too late.
>

An excellent point. Look at most Microsoft vulnerabilities discovered in the wild: found as a result of someone (be it a security expert or black hat) tinkering. Who knows what else lurks within without the source?

Now look at the other side. The recent Interbase backdoor was found _in the source_. This had been in the commercial product for YEARS without the public's knowledge.

Granted, open source != instantly secure. There are a lot of problems found the old-fashioned way: tinkering. I for one like to stack the deck to my advantage whenever possible, which means using code that has been eyeballed by many, and more importantly, by peeps who are _not_ the actual developers.

Speaking of stacking decks... anyone up for poker? ;)

--
Niall Kavanagh, niall at kst.com
News, articles, and resources for web professionals and developers:
http://www.kst.com

-
Subscription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).