Re: [Full-Disclosure] How much longer?
- To: Clint Bodungen <clint@secureconsulting.com>
- Subject: Re: [Full-Disclosure] How much longer?
- From: cptnug <cptnug-fulldisclosure@batray.net>
- Date: Thu, 12 Feb 2004 12:18:36 -0800

On Thu, Feb 12, 2004 at 11:29:22AM -0600, Clint Bodungen wrote:
> From: "Gregory A. Gilliss" <ggilliss@netpublishing.com>
> > And just to make you *really* cringe, I can't prove it, but I believe
> > he's correct. 'nuf said.
>
> Ok put down the tabloids and comic books. I've written commercial software
> for small firms as well as some very well known Fortune 500 firms and I've
> never had anyone looking over my shoulder, holding my hand, or snapping
> pictures of me in the deli because I didn't leave a back door in the
> software for the govt. to regulate. I've never even had a run in with the
> Mafia. " 'nuf said." Maybe that's why you can't prove it.

Perhaps not, but we do know that the government has explicitly required
"backdoors" in exported products using encryption (e.g. ITAR and the
specific example of Lotus Notes). It's hardly an unreasonable leap to think
it might happen, at least sometimes, covertly in other pieces of software.

My own opinion is that most software is so bad security-wise there's just
no need for explicit backdoors. The US government TLAs can trust software
developers (and if not them, the users) to make enough mistakes that they
don't need to force or ask them to put in backdoors on purpose.

--
cptnug
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html