2000-11-14-15:11:55 Adam McKenna:
> But you have to realize that this is the same argument put forward
> by many people pushing closed source solutions over open source
> ones (that it has been analyzed by "experts"), and invariably many
> security holes are found anyway.
Again, it helps to understand his particular background on the
matter. He's very very specifically criticising "hack me"
challenges, as contrasted with open audits of the design, and this
is right out of his crypto roots.
> Cases in point, [...] MS's shoddy PPTP implementation, [...]
of which Bruce Schneier is the most vocal and respected critic,
always cited in disputes over the merits or demerits of the protocol
design and implementation.
See <URL:http://www.counterpane.com/pptp.html>, the leading
reference on PPTP's insecurity.
What is more interesting to me is that Bruce has distinctly waffled
on the topic of full disclosure re security problems. If you want to
attack his views, I recommend looking there:-).
-Bennett