BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] NAS: encryption
- Subject: [Discuss] NAS: encryption
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Wed, 8 Jul 2015 16:13:09 -0400
- In-reply-to: <20150708191905.GZ28620@angus.ind.WPI.EDU>
- References: <5596D8DA.2000201@gmail.com> <55980A9F.4020007@gmail.com> <BY1PR0401MB1641117906253C39D8075681DC940@BY1PR0401MB1641.namprd04.prod.outlook.com> <sjmd203evpz.fsf@securerf.ihtfp.org> <CAFv2jcba50_Kw9V-p7brmeJ5Fk=9rzeQRLRzBUVRK8uZ71wZNA@mail.gmail.com> <BY1PR0401MB164127DEA53006B9692DC60CDC920@BY1PR0401MB1641.namprd04.prod.outlook.com> <3d14590da6e6f0bd76b8e75496117136.squirrel@mail.mohawksoft.com> <559D3884.7010505@gmail.com> <20150708150631.GF32011@angus.ind.WPI.EDU> <559D477F.2040808@gmail.com> <20150708191905.GZ28620@angus.ind.WPI.EDU>
On 7/8/2015 3:19 PM, Chuck Anderson wrote: > Sorry, I call BS. My point was that having access to source code is a > prerequisite. If you don't have access to the source code, it becomes > MUCH harder to audit because you are limited in the techniques you can > use, such as black box testing. If you have source code, you can read > the code and try to understand what it is doing. This is why I say you don't have the qualifications. Access to the source code isn't worth nearly as much as you seem to think it is. There are classes of vulnerabilities like insecure compiler optimizations that are impossible to detect by examining the source code even when you do understand what the code is supposed to do. On the other hand, no-source techniques like black box testing work whether or not you have the source. This is why my answer to your next question is... > And do you think we would know about those instances if the > code/standards were closed? ... yes, we would. -- Rich P.
- Follow-Ups:
- [Discuss] NAS: encryption
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- [Discuss] NAS: encryption
- References:
- [Discuss] NAS: buy vs. build
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] NAS: encryption
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] NAS: encryption
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] NAS: encryption
- From: warlord at MIT.EDU (Derek Atkins)
- [Discuss] NAS: encryption
- From: abreauj at gmail.com (John Abreau)
- [Discuss] NAS: encryption
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] NAS: encryption
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- [Discuss] NAS: encryption
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] NAS: encryption
- From: cra at WPI.EDU (Chuck Anderson)
- [Discuss] NAS: encryption
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] NAS: encryption
- From: cra at WPI.EDU (Chuck Anderson)
- [Discuss] NAS: buy vs. build
- Prev by Date: [Discuss] NAS: encryption
- Next by Date: [Discuss] NAS: encryption
- Previous by thread: [Discuss] NAS: encryption
- Next by thread: [Discuss] NAS: encryption
- Index(es):