Markus Kuhn wrote: | > NETSCAPE ANNOUNCES PLANS TO MAKE NEXT-GENERATION COMMUNICATOR SOURCE CODE | > AVAILABLE FREE ON THE NET | | Excellent! | | Finally mainstream software companies start to understand that security | critical software has to be provided to the customer in full compilable | source code to allow independent security evaluation. I'm not sure that this is the message they're sending at all. They're trying to work the Linux/GNU model of getting a horde of volunteer programmers to improve their product, and base other products on it, because of the ease of integration. I don't know that security was even on their minds. | No formal CC/ITSEC evaluation process can beat the scrutiny of the | Internet crowd. I wonder how long we have to wait for the day on which Not that the internet crowd is such hot shit, either. The freely usable FWTK contained a *really* easy to find replay attack for about 3 years, befire I pointed it out at the Crypto rump session. (www.homeport.org/~adam/crypto97.html). Small code. Comments pointing to problems. Security critical in some instances. 3 Years to find. Adam | we can download the latest GPL'ed Windows NT version source code from | Microsoft's web server ... -- "It is seldom that liberty of any kind is lost all at once." -Hume