Green Hills Software strikes again

Posted May 4, 2004 16:06 UTC (Tue) by arcticwolf (guest, #8341)
Parent article: Green Hills Software strikes again

If looking at the source code is not an effective way to find (exploitable) bugs, then why is publishing the source code a bad thing? :)

Self-contradiction

Posted May 4, 2004 19:41 UTC (Tue) by AnswerGuy (subscriber, #1256)

I noticed the self-contradiction, too.

Publishing the source is bad because the bad guys will find the vulnerabilities *and* it offers no benefit because the good guys can't find the vulnerabilities in the published sources.

Huh?

So the bad guys can see things that the good guys can't. Thus we should strive to keep source code secret from the "good guys" (and all those "nobodies" of neutral or uncertain provenance).

Keeping the sources secret from the prying eyes of international espionage specialists is predicated on the notion that none of them will ever plant agents in U.S. software firms (perhaps via H1-B visas or as JANITORIAL STAFF), none of them will ever manage to pull a black bag job on any software firm with the sources (that would be a "B&E" --- breaking and entry, preferably a stealthy entrance and undetected escape after copying files or planting bugs), and none of them will ever manage to bribe, blackmail, or extort any of the staff who have access to the source code.

We know the bad guys wouldn't resort to deception, trespass, bribery, blackmail, extortion, wiretapping, or thievery in order to access our vital source code secrets. They are far too unsophisticated for that! They need us to coddle their espionage efforts by publishing our sources in the web!

Somebody laced their crack with PCP!

JimD

Self-contradiction

Posted May 5, 2004 2:22 UTC (Wed) by hs (guest, #15495)

Publishing the source is bad because the bad guys will find the vulnerabilities *and* it offers no benefit because the good guys can't find the vulnerabilities in the published sources.

Does that mean that the bad guys are good and the good guys are bad?

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds