---

PC Week: A secure Internet can’t have secrets

“In the early years of distributed information systems, computer
security was the guard at the door of the club. The role of
computer security was to welcome the trusted few, who enjoyed the
run of the place once they got past the velvet rope….”

“It may seem a paradox, but one of the vital elements of
security is the absence of secrecy. By this I mean that open access
to algorithms, and to the source code that implements those
algorithms, is essential if anyone is to rely on the Internet to be
a safe forum for business….”

“But implementation errors seem to go hand in hand with the
growing complexity that characterizes new operating systems such as
Microsoft’s Windows 2000, according to panelist Bruce Schneier of
Counterpane Internet Security Inc. Windows NT, estimated
Schneier, reveals about one new security bug per week in its
roughly 16 million lines of code. With Windows 2000 massing more
like 40 million lines of code, said Schneier, “the odds of Windows
2000 being more secure than Windows NT 4.0 are roughly
zero.


Complete Story