On Fri, Mar 12, 2004 at 11:09:37AM -0500, Michael Long wrote:
guess it is not. I was wondering how others would answer this question?
I was working at RSA Security for a while, and my manager gave me the same sort of line: We make security products here, you definitely don't want that open source! <some other reference about open source being less secure> My response was along the lines of: Actually, that's _exactly_ the software I would want open source. Security through obscurity (which is what most non-open source relies on) doesn't work. He wasn't happy. <G> Anyway, yeah, "real" security people want as many people looking at their code/algorithm/etc as possible to make sure it's secure in and of itself. There's reasons that things like MD5, SHA1, AES, etc, all went through a rigorous review process before they're made a "standard". -- Randomly Generated Tagline: s Blind, Lingerie makes Great Braille!