[144894] in cryptography@c2.net mail archive
Nominum says it has secret advantages over Bind
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Sep 28 19:35:26 2009
From: "Perry E. Metzger" <perry@piermont.com>
To: cryptography@metzdowd.com
Date: Thu, 24 Sep 2009 11:27:16 -0400
More security and security politics than crypto, but I thought this was
rather interesting to this community:
Nominum's Jon Shalowitz is interviewed on why you should buy Nominum's
stuff over using open source, oh, pardon, "freeware[sic]" software:
Q: What characterises that open-source, freeware legacy DNS that you
think makes it weaker?
A: Number one is in terms of security controls. If I have a secret
way of blocking a hacker from attacking my software, if it's freeware
or open source, the hacker can look at the code.
By virtue of something being open source, it has to be open to
everybody to look into. I can't keep secrets in there. But if I have
a commercial-grade software product, then all of that is closed off,
and so things are not visible to the hacker.
http://news.zdnet.co.uk/itmanagement/0,1000000308,39760362,00.htm?s_cid=260
I guess Mr. Shalowitz is unaware of the existence of
disassemblers. Either that, or perhaps all those people attacking
Windows successfully have the source code, I'm not sure which.
Perry
--
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
