Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The key question is: would they let people who want to find bugs? Because that is the point here, if you can read the software but not allowed to do an audit, it doesn't make any difference (for the issue that we're discussing).


Can you clarify the distinction? They share the source code so that other people can do auditing, obviously. But what would be the scenario where you are allowed to read the code, but you're not allowed to look for issues? Have you ever seen that set up anywhere? It would not make any sense.


See for example the Enterprise Source Licensing Program page https://www.microsoft.com/en-us/sharedsource/enterprise-sour...

Allowed purposes for said licensing program includes “performing internal security audits of the Microsoft Windows operating system”.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: