Linked by Thom Holwerda on Thu 19th Nov 2009 23:22 UTC
Windows Earlier this week, a senior National Security Agency official told US Congress that the NSA had worked on Microsoft's latest operating system, Windows 7. This spurred a flurry of rumours about the NSA building backdoors into Windows 7, but Microsoft has today categorically denied these claims.
Thread beginning with comment 395552
To read all comments associated with this story, please click here.
Categorically denied...how?
by license_2_blather on Fri 20th Nov 2009 00:45 UTC
license_2_blather
Member since:
2006-02-05

With those 30+ million or whatever lines of code, how would Microsoft even know?

Reply Score: 1

umccullough Member since:
2006-01-26

With those 30+ million or whatever lines of code, how would Microsoft even know?


"Hey Frank, do you recognize this source checkin from last week by "YourSecretSanta" claiming he's fixing up a buffer overflow in the Backdoor service? I don't remember the code review for that..."

Any sane project is going to use source control.

Unless the NSA is paying people to cover it up - I'm guessing the people regularly working with and reviewing the code regularly might detect something amiss when it gets committed - unless it's added by a malicious individual in a very sneaky way.

It's a bad idea for an untrusted developer to be given commit access to a source-controlled codebase and allow them to checkin large amounts of code without peer review - of course many corporations do this all the time, but I have to assume Microsoft has at least put *some* safeguards in place to prevent this as much as possible given their continual public scrutiny.

Reply Parent Score: 2

gfolkert Member since:
2008-12-15

It's a bad idea for an untrusted developer to be given commit access to a source-controlled codebase and allow them to checkin large amounts of code without peer review - of course many corporations do this all the time, but I have to assume Microsoft has at least put *some* safeguards in place to prevent this as much as possible given their continual public scrutiny.

but... without public source code review...

Does it matter?

I mean, come on... how would we/you ever know?

Reply Parent Score: 0