On Dec 3, 2007, at 16:51 , Paul Hoffman wrote:

> At 9:58 AM -0500 12/3/07, Perry E. Metzger wrote:
>> I don't know if people have been following this, but it is interesting
>> from the point of view of studying how the FIPS process does (or does
>> not) interact with the underlying goal of producing assured systems.
>
> Another interesting part is that open-source systems are much more susceptible to being attacked by competitors (that is, having their validation suspended) than are closed-source systems.

Hi Paul,

this may have been true in the past. Enter tools like BinDiff [1] and BinNavi [2] and a skilled reverse engineer is able to shoot down your closed-source implementation almost as quickly as one for which she has source (assuming she has binaries, of course).

Cheers,
Ralf

[1] Zynamics BinNavi
    http://www.zynamics.com/index.php?page=binnavi

[2] Zynamics BinDiff
    http://www.zynamics.com/index.php?page=bindiff
