I am reading this book by B. Schneier, in particular, the section
`Cracking and hacking contests'. He thinks that contests (like
offering $1000 for finding a security hole in a product) are bad for
four main reasons, the first reason being that the contests are
usually unfair since the author of the software decides what he/she
considers a "hole".
He also thinks that even having a software out and used for a few
years without incidence does not imply that it is secure. He says,
the best way to evaluate the security of a product is to have it
audited by security experts.
So has any expert ever audited qmail or djbdns?
Mate
