Steve Kennedy wrote:

On Sat, Oct 08, 2005 at 08:43:07PM +0300, Tzafrir Cohen wrote:

On Sat, Oct 08, 2005 at 11:59:04AM -0400, Mike M wrote:
On Sat, Oct 08, 2005 at 09:20:07AM -0400, Paul wrote:
Closed source might delay the cracker but it also delays pre-crack and post-crack countermeasures.
What's the alternative?  Open source?  Cracking is unnecessary with open
source.
Search a bit about "security by obscurity". Basically if the security of
your system depends on a secret you can't easily change, it will get
exposed sooner or later. So you should design it to withstand such
leakage. E.g: change a password if it was exposed.

As this was related to Mastercard/Visa, they can allow open source,
however the software has to be certified to meet their security specs,
which may be harder to accomplish for open source.
It's not harder. It's just different. A number of things have similar requirements. The ISDN4Linux folk have certain versions of their software approved by the telecoms bodies in Europe. They need to tie down exactly what was approved, so any other versions emit a notice that says they are unapproved versions. They do this with a signature on the approved version. It seems to work out OK.

Regards,
Steve
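
The approved-version signature described in the last paragraph, as an added example (not code from this thread or from ISDN4Linux, whose actual mechanism is not shown here). It assumes a detached Ed25519 signature over the version string and the SHA-256 of the build image; every name, key and sample image below is constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Constructed seed standing in for the approval body's private key.
var approverSeed = sha256.Sum256([]byte("constructed approval-body seed"))

// Approval is the detached record shipped next to a certified build (assumed format).
type Approval struct {
	Version   string
	Signature []byte // Ed25519 over version || 0x00 || SHA-256(image)
}

// signedMessage binds the version label to the exact bytes that were tested.
func signedMessage(version string, image []byte) []byte {
	d := sha256.Sum256(image)
	msg := append([]byte(version), 0)
	return append(msg, d[:]...)
}

// Approve is run by the approval body on the build it certified.
func Approve(priv ed25519.PrivateKey, version string, image []byte) Approval {
	return Approval{Version: version, Signature: ed25519.Sign(priv, signedMessage(version, image))}
}

// Status is what the software reports: any build without a valid record says so.
func Status(pub ed25519.PublicKey, a *Approval, image []byte) string {
	if a != nil && ed25519.Verify(pub, signedMessage(a.Version, image), a.Signature) {
		return "approved version " + a.Version
	}
	return "NOTICE: unapproved version"
}

// Demo checks the certified build, a locally patched build, and a build with no record.
func Demo() (string, string, string) {
	priv := ed25519.NewKeyFromSeed(approverSeed[:])
	pub := priv.Public().(ed25519.PublicKey)
	certified := []byte("constructed build image, release 1.0")
	patched := []byte("constructed build image, release 1.0 + local patch")
	rec := Approve(priv, "1.0", certified)
	return Status(pub, &rec, certified), Status(pub, &rec, patched), Status(pub, nil, certified)
}

func main() { fmt.Println(Demo()) }
```

Only the public key ships with the software, so anyone can rebuild from source but only the approval body can mark a build as approved.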


Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users