> Sure - if you want your security to be dependent on a black box. And > you really believe that NO contributed code was not included in it, code > for which the orignal writers are not getting a DIME? The price would > be reasonable, IF IT INCLUDED SOURCE. But it doesn't. For source its > well over a grand. Its back to security through obscurity (only now > its 'security through black boxes'). Have you seen a copy of the commercial product? Have you asked the supplier for a copy of the source to check your allegation that contributed code was used in it? Because let's face it, you basically just accused them of that. Have you also consulted with the supplier to find out what information he will supply regarding what the program checks for, and what holes it attempts to discover and correct? Perhaps the supplier will be more than happy to share with those who purchase this product information about the particular security problems. I don't know these things for a fact, but have _you_ investigated first, it semems you're making alot of assumptions on behalf of the supplier which may turn out to be totally unfounded. > The bad taste remains. I smell a gouge playing on fear. If they decide > to make the sources affordable, perhaps I will change my viewpoint. > Otherwise, they are making the decisions FOR the using admin, not allowing > him to decide what he wants to check. How many people who sell word processors provide it with source? How many companies who sell packages which make minor kernel patches provide it with entire source? Sweet bugger all do. So why should this be any different? > As I said: NO SALE. I Say: Give it a chance. (But then no one probably gives a rats ass what I think, perhaps they dont care what you think either? :) Me. -- Andrew Watts - awatts@elecsun5.elec.uow.edu.au 'If you need someone to blame, throw a rock in the air, you'll hit someone guilty.' - U2, Dirty Day.