  1. #1
    Banned
    Join Date
    Nov 2014
    Posts
    192

    Code audit in view of Juniper?

    Has Untangle thought about undertaking a code audit - or is it even needed?

    In view of the Juniper scandal, Cisco has undertaken an audit of all of their code. Rumors are Fortinet and ZyXEL are in the midst of a code audit. I assume looking for NSA/CIA tidbits planned by moles. I sort of assume Untangle is probably safe from this but I often make bad decisions when I work from assumptions or speculation.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,111

    Don't worry, we review every check-in. We have an advantage of a tight engineering team.

    Our base code is open source Debian which has a large community eyeing the code. Also Untangle free apps are open source so anyone can review the code at their leisure. Even our bug database is open to the public. Things that those other companies cannot claim. We even allow the customer fully on the OS command line.

    Fruit for thought.
    Last edited by jcoffin; 01-02-2016 at 10:17 AM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    And everything JCoffin just listed is why I won't abandon Untangle, even when that small dev team has it behind at times.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Banned
    Join Date
    Nov 2014
    Posts
    192

    I found it hilarious that the NSA and CIA approached Linus Torvalds, asking him to backdoor his stuff. He laughed and said since everyone can see his code it wouldn't be possible. What I find funny is the fact the NSA and CIA actually thought this would be possible. It shows how they live in these little fake worlds where they expect everyone to do exactly what they say.

    It's also another reason I stick with Untangle. I've had a variety of 'other' products years ago but then read Snowden's musings about how Juniper is almost fully compromised - Snowden turned out right. NOBODY should trust Palo Alto, Nir Zuk is ex-Mossad. Palo Alto picked up Morta and legions of spooks and ex-spooks as well as NSA backed tech along with that. Webroot is another example: the founder was sent 'cliff diving' without a parachute, and Webroot promptly assigned one of the NSA's top dogs to manage them.

    You really need to be careful. The Juniper fiasco brings home to many what many of us have known for decades: that backdoors can't be controlled, and the damage from their exposure can sink your company. I highly doubt the US Govt. is shedding a tear over Juniper, they just don't care.

  5. #5
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,146

    We are currently looking over all our contacts with hosting partners to see to what extent they use Juniper, and if they do we will ask them to switch :-)

    And probably we will end up paying for it as well :-(

    And Untangle's code is quite easy to pick around in and it has always looked good.
