PC Week: A secure Internet can't have secretsJan 20, 2000, 01:12 (0 Talkback[s])
(Other stories by Peter Coffee)
"In the early years of distributed information systems, computer security was the guard at the door of the club. The role of computer security was to welcome the trusted few, who enjoyed the run of the place once they got past the velvet rope...."
"It may seem a paradox, but one of the vital elements of security is the absence of secrecy. By this I mean that open access to algorithms, and to the source code that implements those algorithms, is essential if anyone is to rely on the Internet to be a safe forum for business...."
"But implementation errors seem to go hand in hand with the growing complexity that characterizes new operating systems such as Microsoft's Windows 2000, according to panelist Bruce Schneier of Counterpane Internet Security Inc. Windows NT, estimated Schneier, reveals about one new security bug per week in its roughly 16 million lines of code. With Windows 2000 massing more like 40 million lines of code, said Schneier, "the odds of Windows 2000 being more secure than Windows NT 4.0 are roughly zero."