Adam McKenna <[EMAIL PROTECTED]> writes:
> OK, I stand corrected. But you have to realize that this is the same
> argument put forward by many people pushing closed source solutions over
> open source ones (that it has been analyzed by "experts"), and
> invariably many security holes are found anyway. Cases in point, most
> major closed-source firewall software, MS's shoddy PPTP implementation,
> etc.
I believe that Bruce Schneier, like most (although not all) security and
cryptography experts, is pretty strongly opposed to closed-source
solutions to security problems due to precisely the sorts of things that
you're talking about. I think his point is more that just having the
source available doesn't automatically mean that the software has been
audited. Having the source be closed is obviously worse, but open source
isn't a sufficient condition.
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
