Skip to Content

no company will ever plant a backdoor in it's proprietary software

Alaa's picture

Comments

DarKnesS_WolF's picture

Brain FreZ!

shutdown -r now Rebooting for Brain FreZ peace


Live Free Or Die Trying... GPG Key ID:0x6FD809F4

This is great piece of

This is great piece of advice, which even proprietary companies do follow. For if you really serious about security, it would be extremely reckless and border line insane to trust the implementation to a black box.

Philosophical and religious issue aside, it’s not a matter of Open vs. Proprietary. It is simply a matter of “do you have access to the source or not?”

The majority if not all of the companies do get the source for these kind of stuff and sign various NDA and such. You would be surprised as to how common this situation is. I do sometimes make development decisions for my team to use some third party components or forced to do so by management, but I *always* get the source code for those. How else could you debug/fix/patch or even determine the code domain of the problem (your monkey, no it’s your monkey) without source code? The source code to almost any program out there is available with the adequate legal work, I know, I have access to some very popular source.

But then again this point out to the undeniable truth which is “Open Source is The Right Thing (TM)”

The real issue/problem here is “know how”. The US government treats encryption as ammunition under the ITAR, so the US govt. have/will/can/done the same with open source software, not necessarily add a back door, but prevent export or do some other stupid regulation. IIRC PGP was scanned, faxed and then OCRed on the other side of the Atlantic because of this kind of regulation.

We need to be creators of technology not just consumers, we need to create API not just program against them. Take a look at RSA, when the US tried to pull a stunt like this they were faced with the predicament that Adi Shamir was an Israeli citizen, what would they have done, take him hostage?

Can you name one crypto algorithm done in the mid-east? Not counting Israel and Dr. El-Gamal (he is US citizen) Can you even name some major mid-east open source project that is not about localization/arabization? (am not being sarcastic, I just don’t know)

Any way, just had some steam to blow off, we have major problems and it’s sad.


AMG.
-When things have gone from bad to worse, The cycle will repeate itself.
-If you think things can't get worse it's probably only because you lack sufficient imagination.


Alaa's picture

I doubt most companies

I doubt most companies where able to get the source code for lotus notes

Alaa


husband of the Grand Waragi Master

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.


Dr. Radut | blog