Jesper Wall wrote:
>
> > [SNIP]
> >
> > > I tend to think of it as "A firewall is only as good as the people
> > > implementing it"
> > >
> > [Ron DuFresne wrote]
> > This totally disregards those that sat and coded it though. And, as
> > security audits show, clean, secure code is hard to comeby.
> > And consider,
> > some sources have been audited a number of times over hte
> > years with new
> > bugs popping up every now and then. If the source is insecure and
> > exploitable, no matter how good the implementor of the program copiled
> > from it, there will remain a gaping wound...
> >
>
> But in the end, its true that "A firewall is only as good as the people
> implementing it".
> The point is: No matter how good the coder of the firewall is. If the
> implementor (who is the last in the line) screw up, the firewall is useless.
> Then it makes no difference if the firewall is crap from begining or if its
> the best on the market.
>
What Ron was saying is that it doesn't matter if you are a security
savant, if the firewall's code is bad and has exploits, then you will
never be able to get over a certain level of security.
At least, that's what I take
"If the source is insecure and exploitable, no matter how good the implementor of the
program copiled from it, there will remain a gaping wound..."
to mean. Any argument?
Martin
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
