On Mon, 5 Feb 2018 17:21:53 +0000
"Drago, William @ CSG - NARDA-MITEQ" <william.dr...@l3t.com> wrote:

> All,
> I've been using/loving SQLite for years, but the use of open source software 
> is highly discouraged where I work, and now I have to prove to our IT dept. 
> that SQLite is reliable and secure. The reliable part is easy because there 
> is enough information on the SQLite website about testing, but what about 
> security? How can I convince the auditors that SQLite is not stealing 
> corporate secrets and spreading viruses?

The open code is actually the only code that can be proofed to be secure. The 
written guarantee is pointless actually because the malware is always 
introduced in secret. The procedure is following: 

1. Download the SQLite code from the official repository.
2. Audit the code in order to proof it does not contains 
malware/spyware/security flaws.
3. Compile the code and link it against the dependencies proofed to be secure! 
(this is important!)
4. You have SQLite proven to be secure.

The only problem is p.3, but if your company is so paranoid about security, you 
already have audited the standard 
C libraries. 

> Is there a statement somewhere on the website that guarantees that copies of 
> SQLIte downloaded from SQLite.org and System.Data.Sqlite.org are free of all 
> forms of spyware/malware/viruses/etc?
> Thanks,
> --
> Bill Drago
> Staff Engineer
> L3 Narda-MITEQ<http://www.nardamiteq.com/>
> 435 Moreland Road
> Hauppauge, NY 11788
> 631-272-5947 / william.dr...@l3t.com<mailto:william.dr...@l3t.com>
> CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use 
> of the intended recipient and may contain material that is proprietary, 
> confidential, privileged or otherwise legally protected or restricted under 
> applicable government laws. Any review, disclosure, distributing or other use 
> without expressed permission of the sender is strictly prohibited. If you are 
> not the intended recipient, please contact the sender and delete all copies 
> without reading, printing, or saving..
> Beginning April 1, 2018, L3 Technologies, Inc. will discontinue the use of 
> all @L-3Com.com email addresses. To ensure delivery of your messages to this 
> recipient, please update your records to use william.dr...@l3t.com.
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

John Found <johnfo...@asm32.info>
sqlite-users mailing list

Reply via email to