[1343] in Kerberos
Software Security
daemon@ATHENA.MIT.EDU (Gail Anderson)
Thu Apr 11 21:20:33 1991
Date: Thu, 11 Apr 91 16:40:49 -0600
From: gta@beta.lanl.gov (Gail Anderson)
To: kerberos@ATHENA.MIT.EDU
We are investigating how to go about moving our network authentication
to Kerberos. As part of this, we must find means of assuring our
security people that software we get from the network does not include
intentional security holes.
Would it be possible for us to have a copy of your software change
control procedure or a statement of your integrity policies? This would
provide assurance that your software is not modified between the time you
approve it for distribution and the time we get it. If you can provide
this, it would greatly assist us and would ease the effort required to
get approval to upgrade to Kerberos.
Thank you,
Gail Anderson
