Subject: Re: Fwd: Re: Microsoft: Closed source is more secure
From: shap@cs.jhu.edu
Date: Fri, 04 May 2001 15:33:59 -0400

Dave Turner wrote:
> Actually, I suspect that lots of people have gone over the source,
> [of djbdns] because of this:
> 
> 	http://cr.yp.to/djbdns/guarantee.html
> 
> He's offering $500 for bugs.  Granted, that's not much, but when you
> count in the fame... well, I think there's more assurance than you
> think.

This is *definitely* better than nothing, but I think you missed the
point.

The question is not whether the code has been haphazardly examined. The
question is whether there is an appropriately detailed specification
that meets the security objectives, and whether the code has then been
*systematically* examined by knowledgeable readers to determine whether
it satisfies this specification.

I'm not knocking bounties -- we're going to put one out on EROS one of
these days, and I hope it will help. I'm saying that bounties do not
take the place of a proper assurance evaluation.


Jonathan