Microsoft hits new ethical low point?
Niall Kavanagh
niall at kst.com
Mon Feb 19 13:09:33 EST 2001
On Mon, 19 Feb 2001, John Chambers wrote:
>
> The reason is simple and obvious. If you install binary software, you
> have no way of knowing what is hidden inside it. The programmers
> could have been paid by someone to install all sorts of trapdoors,
> and you'll only learn about it when it's too late.
>
An excellent point. Look at most Microsoft vulnerabilities discovered in
the wild: Found as a result of someone (be it a security expert or black
hat) tinkering. Who knows what else lurks within without the source?
Now look at the other side. The recent Interbase backdoor was found _in
the source_. This had been in the commercial product for YEARS without the
public's knowledge.
Granted, open source != instantly secure. There are a lot of problems
found the old-fashioned way: tinkering. I for one like to stack the deck
to my advantage whenever possible, which means using code that has been
eyeballed by many, and more importantly, by peeps who are _not_ the actual
developers.
Speaking of stacking decks... anyone up for poker? ;)
--
Niall Kavanagh, niall at kst.com
News, articles, and resources for web professionals and developers:
http://www.kst.com
-
Subscription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).