Re: How much longer?

[cptnug <cptnug-fulldisclosure () batray net>]

On Thu, Feb 12, 2004 at 11:29:22AM -0600, Clint Bodungen wrote:
> From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
> > And just to make you *really* cringe, I can't prove it, but I believe
> > he's correct. 'nuf said.
>
> Ok put down the tabloids and comic books.  I've written commercial software
> for small firms as well as some very well known fortune 500 firms and I've
> never had anyone looking over my should, holding my hand, or snapping
> pictures of me in the deli because I didn't leave a back door in the
> software for the govt. to regulate.  I've never even had a run in with the
> Mafia.  " 'nuf said."  Maybe that's why you can't prove it.

Perhaps not, but we do know that the government has explicitly required
"backdoors" in exported products using encryption, (e.g. ITAR and the
specific example of Lotus Notes). It's hardly an unreasonable leap to think
it might happen, at least sometimes, covertly in other pieces of software.

My own opinion is that most software is so bad security-wise there's just
no need for explicit backdoors. The US government TLAs can trust software
developers (and if not them, the users) to make enough mistakes that they
don't need to force or ask them to put in backdoors on purpose.

-- 
   cptnug

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html