NATO gets a front-door to look for Microsoft backdoors Microsoft has renewed its 12-year-old agreement with NATO which, among other things, lets the organisation check for bugs, vulnerabilities, and backdoors in Redmond's products. The company announced the agreement here. The essence of the release is that NATO's Communications and Information Agency, NCI, has signed with …
"controlled access to source code"
Now that is a nice term. Is there perhaps a tool-chain included to make sure this code really compiles to the binaries they got? Otherwise "controlled access to source code" could well mean - "we edited out the stuff you are not supposed to see, before we handed it over".
But my guess is rather that it means "we can show you printouts which you can search while we are together with you in a meeting room and we'll collect everything afterwards" - good luck finding anything in this heap of paper!
Oh well, I guess I haven't got enough faith in humankind. Oh, wait - megacorps and gouvernment agencies are non-human entities, right?
But my guess is rather that it means "we can show you printouts which you can search while we are together with you in a meeting room and we'll collect everything afterwards" - good luck finding anything in this heap of paper!
Hell, good luck with sitting in a meeting room and examining a zillion lines of code.
I'm pretty good with assembler so that wouldn't be too much trouble. Now one of the guys I trained to take my job could read straight hexadecimal and was/is eidetic to boot. Go ahead and try to snow job him. He'd be on the NATO team if available. And quite a few more lurking in odd corners of the military.
[Part of the "if the going got weird, the weird grabbed their duffle bag and got going."]
we can show you printouts which you can search while we are together with you in a meeting room and we'll collect everything afterwards
I had someone try to pull that one on me once.
This company were trying to sell me mask-programmed microcontrollers. Given the volumes involved, this was a multi-million pound deal. They were cheaper than the competition - but we'd been using the competition flawlessly for some years (and I used to work for them).
I wasn't going to sign this order without confidence in the code that was to be installed on them, and the FAE who was writing it - well, let's just say he didn't fill me with confidence. So I insisted on seeing the source. He refused.
We eventually ended up in a big meeting with his management and mine. I stuck to my guns - I wasn't going to put this chip on the board if I didn't see the source. After I'd said my piece, the supplier's management turned to this FAE and said "just show him the code."
So the FAE duly turned up at the office a couple of days later with hard copy. Talk about being a bad loser. And I still found a critical bug within 60 seconds[1] that would have left the machine unusable...
Vic.
[1] I did know where to start looking, having been through the development at my previous employer.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
