Firewall Wizards mailing list archives

Trust (was RE: Antwort: Re: Facts, not Fiction)


From: "Stout, William" <StoutW () pios com>
Date: Mon, 17 Nov 1997 20:22:05 -0500

One can't prove security, just less comparative risk.  Even the famous
MJR wire-cutter firewall only _reduces_ the security risk by presenting
one less entry point.

It also helps to have an understanding of how proxies work, and how
packet filters work.  Discussions such as 'SPF vs. proxy' compare
different architectures and levels of risk, one turning out to have
less risk than another by ensuring complete packet rewrites and
enforcing correct application-level behavior.  (Jab, twist.)  ;)

Is your question whether you can trust pre-compiled binaries?
Politically you have to; realistically you can't without
peer-reviewable source.

I have to differ with Bennett and Marcus about DOS bugs and the like
being quietly fixed before they're exploited, since not everyone
religiously patches their systems.  Many production folk either do a
'set and forget', not wanting to fix something that works, or have
religious reasons not to apply a patch until some experience is had by
others who did patch.

Bill Stout
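The 'complete packet rewrite' versus 'tuple check' distinction Bill draws between a
proxy and a packet filter, as an added toy example (editor's code, not part of the
original post or any product it mentions). A packet filter decides on addresses and
ports alone; the application proxy parses the request, enforces a minimal HTTP
grammar, drops headers it does not know, and forwards a freshly built request rather
than the client's bytes. The rule set, addresses, payloads and the allowed-header
list are all constructed for the example.

```python
# Added example, not from the original post: a toy contrast between a packet
# filter, which decides on addresses and ports alone, and an application-level
# proxy, which parses the request, enforces the protocol grammar and forwards a
# freshly built request instead of the client's bytes. Hosts, ports, policy and
# payloads below are constructed sample data.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed policy: (destination prefix, destination port) pairs allowed in.
FILTER_RULES = {("10.0.0.", 80), ("10.0.0.", 25)}


def packet_filter_decision(pkt: Packet) -> str:
    """Packet filter: the payload is never looked at, only the tuple."""
    for prefix, port in FILTER_RULES:
        if pkt.dst.startswith(prefix) and pkt.dport == port:
            return "allow"
    return "deny"


# Minimal HTTP request grammar the proxy is willing to relay. fullmatch is used
# so a stray bare LF or CR inside a line cannot slip past the pattern.
REQUEST_LINE = re.compile(rb"(GET|HEAD) (/[\x21-\x7e]*) (HTTP/1\.[01])")
HEADER = re.compile(rb"([A-Za-z0-9-]+): ([\x20-\x7e]*)")
ALLOWED_HEADERS = {b"host", b"user-agent", b"accept"}


def http_proxy_rewrite(payload: bytes):
    """Parse the client request and return a rebuilt one, or None to reject."""
    if not payload.endswith(b"\r\n\r\n"):
        return None
    lines = payload[:-4].split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if m is None:
        return None                      # not HTTP at all (e.g. a tunnel)
    method, path, version = m.groups()
    if b".." in path:
        return None                      # application-level policy check
    kept = []
    host_seen = False
    for raw in lines[1:]:
        h = HEADER.fullmatch(raw)
        if h is None:
            return None                  # malformed or injected header line
        name, value = h.groups()
        if name.lower() not in ALLOWED_HEADERS:
            continue                     # unknown headers are dropped
        host_seen |= name.lower() == b"host"
        kept.append((name, value))
    if not host_seen:
        return None
    # Complete rewrite: nothing from the client buffer is copied through as-is.
    out = b"%s %s %s\r\n" % (method, path, version)
    for name, value in kept:
        out += b"%s: %s\r\n" % (name, value)
    return out + b"\r\n"


def proxy_decision(pkt: Packet):
    """Filter on the tuple first, then insist on well-formed HTTP."""
    if packet_filter_decision(pkt) != "allow":
        return "deny", None
    rewritten = http_proxy_rewrite(pkt.payload)
    return ("allow", rewritten) if rewritten is not None else ("deny", None)


# Constructed sample traffic: a clean request, an SSH banner tunnelled over
# port 80, and a request carrying a bare-LF header injection.
GOOD = Packet("192.0.2.10", "10.0.0.5", 80,
              b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
              b"X-Forwarded-For: 192.0.2.10\r\n\r\n")
TUNNEL = Packet("192.0.2.10", "10.0.0.5", 80, b"SSH-2.0-OpenSSH_7.4\r\n")
INJECTED = Packet("192.0.2.10", "10.0.0.5", 80,
                  b"GET / HTTP/1.1\r\nHost: a\nX-Evil: 1\r\n\r\n")

if __name__ == "__main__":
    for label, pkt in (("good", GOOD), ("tunnel", TUNNEL), ("injected", INJECTED)):
        print(label, packet_filter_decision(pkt), proxy_decision(pkt))
```

The packet filter passes all three sample packets, since each is addressed to an
allowed host and port; only the proxy turns away the tunnelled banner and the
injected header, and even the clean request leaves with its unknown header stripped.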
