Peter Gutmann wrote:
While it's possible to say "There's something we noticed here in the source code that requires the software to be ejected from the train", it's a bit harder to say "We spent three months reverse-engineering someone else's proprietary protected intellectual property and think we may have found something".
Peter cites an important difference. You may be able to see but you can't tell. However, one can still easily reverse-engineer to find the vulnerability and then present an exploit saying "There's something we noticed here when the code is executed with this input...".

The conclusion holds that closed-source is now less of a reasonable argument in terms of /protecting/ source code.

Software-as-a-Service (SaaS), though, would still work in terms of protecting source code, as all you have is a "service oracle" that does not necessarily reveal code details or flaws. SaaS could be supplied remotely or locally, with a secure processor card or secure USB-processor.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
