On Wed, 2 Nov 2005 14:06:40 -0500, Walt Farrell <[EMAIL PROTECTED]> wrote:
>... >I'm not sure I understand how you would expect an auditor to be able to >verify that a vendor hadn't shipped a trojan horse. You really want all >the auditors visiting all the vendors and personally inspecting all the >code? >... Sure. All the auditors have to do is examine all the code and look for comments saying "Trojan Horse" or "Worm" or "Virus". In fact, I can't think of much I'd rather see them doing. It would be pain supplying them with all that source, but I don't think you would need to worry about any technology transfer happening. Pat O'Keefe ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html