[olug] OT: security through antiquity
Will Langford
unfies at gmail.com
Thu Nov 6 03:51:18 UTC 2008
>
> > I guess the similar argument would be two
> > exactly identical bits of code -- one has been reviewed and audited a dozen
> > times -- is the reviewed code more secure than the unreviewed code ?
>
> Well, if they're exactly identical bits of code, then obviously
> neither is any more secure than the other.
>
I've been looking for, like, an hour for the link on the quote, but I can't
seem to find it. Damn I suck. And I'm pretty sure that it was on his blog
site too :(.

Anyway, Schneier's comment on the subject was that reviewed code was more
secure than unreviewed code, even if binary exact. I think it has more to
do with 'trust' and possibly psychological stuff. The argument very well
could be that the unreviewed code could have any number of security issues,
but reviewed code is known to not have a given set of known holes. Kind of
similar to the 'whole is more than the sum of its parts' kind of thing, I guess.

Being a coder and tending to deal in absolutes, I'm unsure where I sit on
the matter :)
-Will