And - I don’t mean to imply at all that most companies are willfully abusing that fact, just simply that most software is a black box.
> On Oct 17, 2015, at 11:08 AM, Clark Morris <[email protected]> wrote:
>
> On Sat, 17 Oct 2015 06:16:47 -0700 (PDT), in bit.listserv.ibm-main you wrote:
>
>> The fact that IBM continues to issue integrity PTFs shows that their code is
>> not perfect when it comes to integrity and therefore security. Nobody's is.
>> So, it is possible, by a review of the code, that the Chinese review team
>> can identify an integrity issue and save that for a later attack on an IBM
>> customer. This is a big risk.
>
> Actually allowing any country to review code is to open an exposure.
> On the other hand all users have at least some need to verify that
> code is not exposing them. For those users with high security needs
> and a large enough budget, having all software in house maybe using
> open source software as a starting base can make sense. I believed
> back in the 1970s and 80s that one of the best places to put a spy was
> in the IBM software creation and distribution system. These comments
> apply to all countries. It would be interesting to find out which
> countries and entities are reviewing source code from the various
> vendors. I believe that Snowden supporters are naive if they believe
> that other major and not so major countries are not engaged in much
> the same activities as those he accused the United States NSA and
> other agencies of committing. If IBM is allowing the Chinese
> government to review the code, I will guarantee that other governments
> are also reviewing the code. In addition we know that at least some
> ISV's have access to at least some of the code under non-disclosure
> agreements. I leave to you who are citizens of various countries to
> determine how concerned you should be.
>
> Clark Morris
>>
>> Barry Schrager
>> Creator of ACF2
>> Member: Mainframe Hall of Fame
>> www.Enterprisesystemsmedia.com/mainframe-hall-of-fame
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
