Hard to take seriously a poll from a company that cannot even implement the submit button correctly on their poll page, using proper HTML, and without the ultimate stupidity of making their submit button tied to Javascript.
Disclaimer 1: I work for Cisco, though not on the product in
question.
Disclaimer 2: Any opinions expressed here are mine. I don't speak for Cisco. You knew that already, right?
I find the thesis of the original article somewhat dubious. We jump from
"here's a security advisory" to "Can we really trust closed-source vendors?".
Yes, with open source you have the ability to scrutinize the code to
search for security holes and other problems. However, do you actually
scrutinize every piece of code you download? Do you never download any
prebuilt binaries from anywhere -- images that could easily contain
suspect modifications that you might not know about, even if you did
scrutinize the source you think those binaries are built from? In short,
I find the presumption of safety when dealing with open source somewhat
unwarranted. Don't get me wrong; I like open source. My own computers
are all Linux-driven boxes. But I didn't examine all the sources, nor
compile the entire system and every application set from scratch.
I doubt most of us have.
Reading some of the replies already made on this thread, I notice that
many seem to assume intent, even malice, on Cisco's part. I seriously
doubt either is the case. Some other possibilities:
Some early testing code which someone forgot to remove.
Something we inherited from an outside party, and failed to catch.
and of course, the obvious possibility of simple stupidity (some would
probably argue that the above two points fall into the 'stupidity'
category too).
Regardless of the cause, I think it is probably more likely an
error on some individual's part rather than an intentional action of any group, much
less the company as a whole.
I have no more knowledge about the real source of this particular gaffe
than any of the other readers here. Still, I know the products I work on,
and that none of the developers I know of would ever try slipping a
back-door into code, or even intentionally let any security hole into
the code. Indeed, we take security issues seriously and try to fix any
problems we know of as fast as possible.
Consider that we have stock and stock options. We want our company to
do really well, and make us all fat happy campers. Gaffes like this are
just plain bad business.;-)
Slashdot Mirror
Hard to take seriously a poll from a company that cannot even implement the submit button correctly on their poll page, using proper HTML, and without the ultimate stupidity of making their submit button tied to Javascript.
Disclaimer 2: Any opinions expressed here are mine. I don't speak for Cisco. You knew that already, right?
I find the thesis of the original article somewhat dubious. We jump from "here's a security advisory" to "Can we really trust closed-source vendors?". Yes, with open source you have the ability to scrutinize the code to search for security holes and other problems. However, do you actually scrutinize every piece of code you download? Do you never download any prebuilt binaries from anywhere -- images that could easily contain suspect modifications that you might not know about, even if you did scrutinize the source you think those binaries are built from? In short, I find the presumption of safety when dealing with open source somewhat unwarranted. Don't get me wrong; I like open source. My own computers are all Linux-driven boxes. But I didn't examine all the sources, nor compile the entire system and every application set from scratch. I doubt most of us have.
Reading some of the replies already made on this thread, I notice that many seem to assume intent, even malice, on Cisco's part. I seriously doubt either is the case. Some other possibilities:
- Some early testing code which someone forgot to remove.
- Something we inherited from an outside party, and failed to catch.
and of course, the obvious possibility of simple stupidity (some would probably argue that the above two points fall into the 'stupidity' category too). Regardless of the cause, I think it is probably more likely an error on some individual's part rather than an intentional action of any group, much less the company as a whole.I have no more knowledge about the real source of this particular gaffe than any of the other readers here. Still, I know the products I work on, and that none of the developers I know of would ever try slipping a back-door into code, or even intentionally let any security hole into the code. Indeed, we take security issues seriously and try to fix any problems we know of as fast as possible. Consider that we have stock and stock options. We want our company to do really well, and make us all fat happy campers. Gaffes like this are just plain bad business. ;-)
<subliminal>Buy Cisco! </subliminal> (sorry, couldn't resist)