> On 7 Dec 2013, at 16:35, Gibbs <linux@xxxxxxxxxxxxxxx> wrote:
>
> This 'source code' that Microsoft provides. Does 'X agency' get to
> actually compile it? If not then I don't see the point. What is the
> difference between that and my Hello World program? :)

The difference is that some people think code inspection is a unique differentiator and it is so only by dint of numbers who do that inspection.

Proprietary software companies can do comparable code inspection and analysis to open source projects on closed code bases if they want. That there is a market in proprietary code analysis tools shows some do this, that it is a small market suggests to me not enough.

Ultimately things like the Debian OpenSSH debacle show that if inadvertent failures happen it is likely deliberate ones will.

Folks who really want information security need depth, if there are Windows back doors, these machines will need to send the information out, that'll be odd network traffic.

Hence my usual view of I don't care if it is labelled "malware" or Windows, I care what it does. My mail folder labelled trouble stuff was full of malware, none of which ever caused my computers the slightest concern but install an antivirus program and it won't relax till it is all removed. Whereas the ability to bypass the X screen saver with a single key combination, or web servers picking the wrong encryption protocol, do concern my waking hours more than malware.

The openness of the source code is largely irrelevant except when it comes to - do we want to submit a fix - which is way down the process and the presumption is "no" since fixing software is expensive and time consuming and we prefer to fix our own open source code first.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq