On 10/8/05, Paul <[EMAIL PROTECTED]> wrote:
Mike M wrote:
>On Fri, Oct 07, 2005 at 09:45:53PM -0400, Paul wrote:
>
>
>>Also consider that there are situations where 100% open source is never
>>allowed. Check out visa/mastercard processor certification for a good
>>example. Digium dual licensing availability means I could actually stand
>>a chance of using asterisk as the basis for systems used by military and
>>law enforcement in applications that require extremely high security.
>>
>>
>
>There is a popular vendor of closed source products whose security has been
>compromised often. The security of OpenSSH is well established.
>
>Reading this list iwe learn that the open source version of Asterisk is
>currently being used by military personnel.
>
>Asterisk offers ways for users to implement eavesdropping applications which
>undermines the goal of attaining extremely high security.
>
>Open source is for sharing if that's feasible and closed source is not.
>Dual licensing is for both.
>
>
>
My point was not to argue that closed source enhances security. I was
just pointing out that there are situations where the customer will not
accept open source.
Credit card processing would be a good example. You could design *-based
systems for both the client(merchant) and server(processor) functions
but last I knew visa/mc would not certify open source solutions.
Off topic but wanted to correct this.. Its not the software that has to be certified, it's the merchant (or payment processor). Ya you can pay a security auditor to look at your software and say that it's compliant, but it doesn't really mean anything. If you are a qualifying merchant or payment processor you would still have to go through the complete audit even if you used 'certified' software. Also, as a merchant you either have to go through the full audit yourself, or use a certified payment gateway. You cannot for example use 'certified' software as a merchant and connect directly to the bank networks without going through the full audit yourself at an average cost of around $20,000.
Chris
_______________________________________________ --Bandwidth and Colocation sponsored by Easynews.com --
Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
