On 13Jun19:0608-0700, Phil Smith wrote: > This is an interesting dilemma. FWIW, in almost 30 > years as a vendor, I've never had anyone ask to see > source code for security reasons. That doesn't mean > it won't happen tomorrow, of course. > > I suspect that the general attitude is a synthesis > of the comments here: > > - Vendors are assumed to have competent people (yeah, > yeah, let's not go there!) > > - Customers don't necessarily think they would be > able to grok in fullness and spot any weaknesses > > - Customers are used to not seeing source code > (and yes, that's a whole 'nother discussion) > > - Customers auditing it could shift some of the > responsibility to them > > Basically, while a lot of techies have probably > thought of asking to do so, they or their management > have seen it as a rat-hole down which they dare not > go. Again, this is my guess based on *MY* experience, > YMMV etc.
You don't suppose everyone believes the NSA and CIA are doing an excellent job of looking out for us normal customers, especially for stuff like the HMCs and SEs? -- <not cent from sell> May the LORD God bless you exceedingly abundantly! Dave_Craig______________________________________________ "So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe." __--from_Nightfall_by_Asimov/Silverberg_________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
