I think you have the open source security risks backwards, Herbie.

One of the features of open source is that the source code is public. This means that ANYONE can read it, study it, find bugs in it, AND find trap doors in it! And "anyone" means anyone in the whole world!

Thus, the risk of malicious code being discovered and publicized is far greater for open source code than it is for OCO code.

From a security point of view, I'd much rather have open source code than OCO code any day.

Dave Cole


At 12/5/2007 07:16 AM, Van Dalsen, Herbie wrote:
In my opinion, what makes IBM code safe in terms of auditing risk is the fact that only IBM labs work on it. You need a really P'd-off IBMer to plant a Trojan in the code, and a few P'd-off testers to miss it during testing. So I would not be in favor of open source for the mainframe. I think too many companies depend on the current quality level of the software. What I would be in favor of is a platform where developers outside of IBM can present new software designs/ideas to be included after proper securitization.

Regards

Herbie

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
