Achim Hasenmueller <[EMAIL PROTECTED]> writes: > Yes, of course. Customers concerned about security usually build the > software themselves in a "Gentoo-like" environment where they also build > GCC from sources, etc.
Well, glad to hear that. My thumb is up for your product, then :) While Open Source increases security due to the > large group of people reviewing the sources, it also makes life easier > for attackers. Therefore, the commercial version does not correspond 1:1 > to the open version: some components are older, some components are > newer, some things are different. As for open-source lending insight to the attacker, I most certinly disagree, but that is certainly leading offtopic, so I won't elaborate. > In 2007, the security architecture of > the product will be further hardened in preparation of international > formal security audit processes. If that is not a trade secret, could you tell me more about the formal security evaluation process? Will only the commercial version undergo it, or will open source crowd get their first open-source security-certified Virtual Machine? P.S.: AFAIK, most virtualization products currently on-market can not boast a formal security audit. Great move! I am really looking forward to seeing it. BTW, is BT Counterpane involved in the process? (madman's guess) ;-) _______________________________________________ vbox-users mailing list [email protected] http://vbox.innotek.de/mailman/listinfo/vbox-users
