[Talk] Chilling effect?

[Enno Davids]

On Tue, Feb 24, 2004 at 10:21:41PM +0800, Leon Brooks wrote:
|In my query to NAB, I asked why they had *no* fully auditable browsers 
|in their supported list.
|
|They've taken an unusually long time to reply. I suspect that they'll 
|shrug and move along (Enno might have more insight), but for some 

Ummm... its the same answer really. Who pays and how to pay for it.

Think about these questions for instance. If they had an audited browser
then they'd have to mandate its use. So it runs on Winbloze and Mac right?
And then having mandated its use they'd be in the position of really having
to accept liability if things blow up. Not to mention the call centre now
having to handle "So I'm using your browser and my flash animation come out
all funny" and a gazillion other such questions they don't want to hear. Do
I need to go on?

And it would be kind of hard to audit something the size of a browser I
should think. Usually you audit smallish things so you can have some hope
of analysing them in depth. (i.e. its more than just Mr. DeRadt saying "I
glanced through the code this afternoon and found 3 buffer overflows!" Not
so much an audit as shooting fish in a barrel really.)

And then you'd read Ken Thompson's ACM Turing award paper "Reflections on
trusting trust" and realize you really need to audit the entire toolchain
first.

So, why don't you get started on gcc and when you're done we can decide
which browser we want to do.

:)

Clearly this is being a little facetious, for which I apologise to all
concerned, but then again I think the original question has a small air of
that too.


E.