A few thoughts around this article about Kaspersky showing their source code to US government http://gizmodo.com/in-worrisome-move-kaspersky-agrees-to-turn-over-source-1796587120 …
If US is worried that Kaspersky (or any other vendor) might be an attack vector, having their source code is worthless. Why? Updates.
Even if you see the source code of the current version, the update functionality is essentially "download and execute arbitrary code."
As for US government now being able to find vulnerabilities in Kaspersky's source code (that they might not be able to find otherwise)...
Today's AV software is far from the point where one would need the source code to find vulns in it. For example: https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=kaspersky&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=ids …
Until it gets there, having the source code doesn't provide much value for this purpose.
Even then, you just make it a bugdoor and you have plausible deniability.