gta@BETA.LANL.GOV (Gail Anderson) (04/12/91)
We are investigating how to go about moving our network authentication to Kerberos. As part of this, we must find means of assuring our security people that software we get from the network does not include intentional security holes. Would it be possible for us to have a copy of your software change control procedure or a statement of your integrity policies? This would provide assurance that your software is not modified between the time you approve it for distribution and the time we get it. If you can provide this, it would greatly assist us and would ease the effort required to get approval to upgrade to Kerberos. Thank you, Gail Anderson
henry@ADS.COM (Henry Mensch) (04/13/91)
Date: Thu, 11 Apr 91 16:40:49 -0600 From: gta@beta.lanl.gov (Gail Anderson) We are investigating how to go about moving our network authentication to Kerberos. As part of this, we must find means of assuring our security people that software we get from the network does not include intentional security holes. this statement seems to imply that your security people "trusts" software that you've purchased ... i dare not say anything more, lest we all fall off our chairs in riotous laughter ... -- henry --------