Information Security News mailing list archives
Re: China next to get access to Microsoft source code
From: InfoSec News <isn () c4i org>
Date: Fri, 14 Mar 2003 02:25:23 -0600 (CST)
Forwarded from: Kurt Seifried <listuser () seifried org> One thing I'm wondering. How do you KNOW that the code MS is showing you is "real", i.e. not something made up or several versions old? Essentially I can take a source rpm/tarball/whatever on a linux/bsd systems and chances are good I can create the exact same binary (MD5 sum et all) as the binary shipped by a given project. Is this possible with MS's source code? You would have no idea if the source code they are showing you is actually the source code in use. I'm not trying to be paranoid or anything, but it makes me wonder. Yet another fun issue with proprietary software. Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- China next to get access to Microsoft source code InfoSec News (Mar 03)
- <Possible follow-ups>
- Re: China next to get access to Microsoft source code InfoSec News (Mar 11)
- Re: China next to get access to Microsoft source code InfoSec News (Mar 14)