re: Schneier's commentary in Secrets and Lies
Mate Wierdl <[EMAIL PROTECTED]> wrote:
>
> He says, the best way to evaluate the security of a product is to have it
> audited by security experts.
> So has any expert ever audited qmail or djbdns?
As Dave Sill pointed out, no formal security audit has been conducted by
an independent party.
However, as far as qmail goes: all the crackers in the world have had access
to the qmail source code and design documentation for years, and none have
yet found an exploitable security hole. You could consider that a fairly
thorough audit-by-fire.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
