Secure Coding mailing list archives
Re: Re: White paper: "Many Eyes" - No Assurance Against Many Spies
From: ljknews <ljknews () mac com>
Date: Fri, 30 Apr 2004 16:35:31 +0100
At 7:31 PM -0500 4/29/04, Tad Anhalt wrote: <using Green Hills as an example>
How did they bootstrap their system? In other words, how did they ensure that they could trust their entire tool chain in the first place? They hint that the whole system was written by a few trusted persons.
Begging the question "trusted by whom?". Some organizations require "trusted by the agency issuing security clearances" for certain (primarily non-tool) software.
Did they write the whole tool chain as well? The scheme above protects against future attack, but not against something that was there before they started. I'm sure that they have an answer for that question, it's a pretty obvious one to ask... Maybe I missed it on my read-through? That's the whole point of the Thompson lecture. The hole is really deep. How far can you afford to dig? How do you decide what to trust?
Ideally, if you find you cannot afford to dig far enough to satisfy your need, a revision of your business plan is required.
Green Hills Software obviously has a vested interest in convincing the reader that it's worth paying them whatever it is that they're charging for the extra depth... In some situations, it may be... That's a risk management decision.
And one solution acceptable in many conditions is determining whether the vendor has deep enough pockets that a lawsuit after the fact would mean something. I don't know much about finance, but I know that suing Green Hills software has more potential than suing the person from whom you got a copy of Linux. Not all checks and balances are embedded in the software itself.
Current thread:
- White paper: "Many Eyes" - No Assurance Against Many Spies Kenneth R. van Wyk (Apr 29)
- Re: White paper: "Many Eyes" - No Assurance Against Many Spies dtalk-ml (Apr 29)
- RE: White paper: "Many Eyes" - No Assurance Against Many Spies Dave Paris (Apr 30)
- Re: White paper: "Many Eyes" - No Assurance Against Many Spies der Mouse (Apr 30)
- <Possible follow-ups>
- RE: Re: White paper: "Many Eyes" - No Assurance Against Many Spies Jeremy Epstein (Apr 29)
- Re: Re: White paper: "Many Eyes" - No Assurance Against Many Spies James Walden (Apr 30)
- Re: Re: White paper: "Many Eyes" - No Assurance Against Many Spies Tad Anhalt (Apr 30)
- Re: Re: White paper: "Many Eyes" - No Assurance Against Many Spies ljknews (Apr 30)
- Re: Re: White paper: "Many Eyes" - No Assurance Against Many Spies Glenn and Mary Everhart (May 03)
- Re: Re: White paper: "Many Eyes" - No Assurance Against Many Spies Crispin Cowan (May 03)
- Re: Re: White paper: "Many Eyes" - No Assurance Against Many Spies Tad Anhalt (May 04)