David Honig wrote:
>
> At 07:34 PM 6/19/00 -0400, Paul H. Merrill wrote:
> >It isn't not invented here that is the problem -- it is the Not
> >Developed Here. COTS is developed in a not verifiably secure
>
> Excellent point. But open source is a good place to start.
> They can train a batch of recruits by having them attack/reinforce
> the public domain code. In the worst case, they can reverse
> engineer the code. Don't tell me they don't know how to do that.
>
While CypherPunks tend to be a paranoid lot, they do not hold a candle
to the level of paranoia that is considered Line of Duty by the
Intel/CounterIntel Community. NSA has demonstrated a compiler that
introduces backdoors and Trojan aspects while compiling clean source.
(Purely for demonstration purposes, of course.)
The Yellow Books deal with this in the Closed Development aspects of
evaluation. (For a quickie see http://jya.com/ntob.htm then search for
"Development Environment".)
Of course, I am quite certain that Open Source code is stolen on a
regular basis when it suits their purposes. But Attack and Reinforce is
about as In Favor as a Code and Fix Development Cycle.
PHM
--
Paul H. Merrill, MCNE, MCSE
[EMAIL PROTECTED]