If only Cisco code had been open source

From: Stanley Long <slong@customcpu.com>
Date: Wed May 19 2004 - 23:21:44 AKDT

Commentary: If only Cisco code had been open source
Eric S. Raymond
NewsForge, Monday May 17th
http://trends.newsforge.com/trends/04/05/17/1932214.shtml

The 15 May 2004 theft and publishing of the source code for Cisco's IOS
router firmware could mean a wave of exploits ... because Cisco ignored
one of the iron rules of network security ...

Kerckhoffs' Law,
"A cryptosystem should be designed to be secure if everything is known
about it except the key information."

Claude Shannon, the inventor of information theory, restated Kerckhoffs'
Law as: "[Assume] the enemy knows the system." Here's Raymond's
Reformulation for the 21st century: "Any security software design that
doesn't assume the enemy possesses the source code is already
untrustworthy; therefore, *never trust closed source*."

======================================
Cisco Investigates Source Code Leak
Scarlet Pruitt, IDG News Service
Monday, May 17th
http://story.news.yahoo.com/news?tmpl=story&u=/pcworld/20040517/tc_pcworld/116148

Cisco Systems is investigating the possible theft of proprietary source
code that drives its networking hardware, a company representative has
confirmed.

... SecurityLab.ru reported over the weekend that the operating system
code--used to power a majority of the company's networking devices--was
stolen from Cisco's corporate network, with some leaked onto the
Internet. The site estimated that around 800MB were taken.

Received on Wed May 19 23:04:30 2004
