This is an interesting dilemma. FWIW, in almost 30 years as a vendor, I've never had anyone ask to see source code for security reasons. That doesn't mean it won't happen tomorrow, of course.
I suspect that the general attitude is a synthesis of the comments here: - Vendors are assumed to have competent people (yeah, yeah, let's not go there!) - Customers don't necessarily think they would be able to grok in fullness and spot any weaknesses - Customers are used to not seeing source code (and yes, that's a whole 'nother discussion) - Customers auditing it could shift some of the responsibility to them Basically, while a lot of techies have probably thought of asking to do so, they or their management have seen it as a rat-hole down which they dare not go. Again, this is my guess based on *MY* experience, YMMV etc. ...phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
