SecurityFocus 2005-03-04
Two companies that make digital systems for nuclear power plants have come out against a government proposal that would attach cyber security standards to plant safety systems.

"...It also urges vendors to add additional security to their software development process, as a bulwark against saboteurs writing backdoors into the code, or implanting logic bombs programmed to shut down a safety system at a particular time. But securing the software from its own developers "would not be practical to implement," according to comments filed by Virginia-based energy company Dominion, one of two plant operators who chimed in on the proposal. "Access of the programmer to the software is a matter of trust."
Why is this not practical to implement?
Wouldn't open-source software with peer review and a mandatory third-party audit protect against possible developer sabotage?
Isn't that one of the major strengths of open source software??