Posted by: Anonymous Coward
on June 08, 2004 12:42 AM
An anonymous reader wrote: Having access to the source code of a software program, whether or not you can change it, is still valuable as a learning tool and is useful for auditing purposes. Without the source, how are you sure that it does what it claims as well as it claims to?
It makes no difference to the auditing process if the auditor has access to the source code if the generation of the executable is not auditable.
Consider the following example: I ship you a bunch of electronic components, and state that these are used to generate a radio transmitter. You are allowed to inspect and bench-test each component. When you are satisfied, I then insist that you return the parts to me for assembly, and you are not allowed to inspect the assembled transmitter. How can you confirm that I have not added, substituted, or removed components for the final assembly?
Allowing access to the source code, without granting permission to build or use the executable independently, may help diagnose problems encountered in the system, but it does not help resolve those problems if the vendor is unwilling to address the issue. Furthermore, it completely fails to satisfy concerns of the addition of intentional back doors. It is possible to create an independent audit trail (i.e. allow inspectors to view the assembly process to certify that nothing was added, substituted, or removed), but as Ken Thompson <a href="http://www.acm.org/classics/sep95/" title="acm.org">showed</a>, even that process is subject to being compromised.