Redmond Fights FOSS Openness With Transparency Centers
Jun 05, 2015, 04:00
(Other stories by Christine Hall)
The place to inspect the source code of an application for intentional security vulnerabilities is your own lab, or the lab of a trusted independent security partner who is not part of the company or organization that's developing and marketing the application. The code should be inspected on machines that are under your control, and it should be compiled after inspection, with the resulting binaries compared with the binary being offered by the organization marketing the application -- as Flip Wilson's Geraldine used to say, you want to make sure that "what you see is what you get."