Code reviews are perfect and impossible? (Score 4, Insightful)
> Russian FSB has actually wrung Windows code reviews out of Microsoft so if they didn't find any back door in that code I'd say there are none to find...
So it's entirely possible to do a code review of an entire operating system and be sure that there are no vulnerabilities?
Of course, you can't be sure that something as simple as an SSL library is safe, but an entire OS is no problem. Despite the fact that there's no way to know if the code you're reviewing matches the installed binaries.
> there is always the option of doing a personal code review of what is it now, 200 million plus? lines of Linux source code and then compiling your own Slackware
Yep, that'd be even easier than the Windows code review, especially since thousands of other people have already done some initial review for you. You can then compile it yourself and know that the source code matches the binary, unlike Windows.
(The trojaned compiler attack is fairly trivial to defeat, so don't bother going there.)
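The comment above does not say how the trojaned compiler (Ken Thompson's "trusting trust" attack) is defeated. The added example below is not from the comment or the thread; it assumes the defence meant is Diverse Double-Compiling (DDC, David A. Wheeler), which is the standard answer, and models it in a few lines of Python. Sources are short strings, a "binary" is a SHA-256 digest plus any trojan bytes, and "running" a compiler is a Python function; the compiler names A and T, the source strings and the marker bytes are all constructed for illustration. It also shows why the obvious check (rebuild the compiler with itself and compare) does not catch the trojan, while DDC does, and that DDC needs exactly the two things the thread is arguing about: a second, independently built compiler and a deterministic (reproducible) build.

```python
"""Toy model of Thompson's self-propagating compiler trojan and of Diverse
Double-Compiling (DDC) as the check that exposes it.  Everything here is
constructed for illustration; compiler names, sources and markers are
hypothetical."""
import hashlib
from dataclasses import dataclass

TROJAN_MARK = b"<self-propagating trojan>"   # present in an infected compiler binary
BACKDOOR = b"<login backdoor>"               # what an infected compiler adds to login

# Constructed toy sources.  A "compiler-X:" prefix marks compiler source.
COMPILER_A_SRC = "compiler-A: parse; typecheck; emit"   # the widely used compiler
COMPILER_T_SRC = "compiler-T: parse; emit"              # an independent, trusted compiler
LOGIN_SRC = "login: read password; compare; grant"


@dataclass(frozen=True)
class Binary:
    code: bytes    # bytes on disk; this is all DDC ever compares
    family: str    # codegen dialect when run as a compiler ("A", "T"), "" if not a compiler


def codegen(family: str, src: str) -> bytes:
    """Deterministic code generation: same compiler family + same source
    always gives the same bytes (the reproducible-build assumption)."""
    return hashlib.sha256(f"{family}-codegen:{src}".encode()).digest()


def run_compiler(compiler: Binary, src: str) -> Binary:
    """'Execute' a compiler binary on src.  An infected binary behaves like
    Thompson's compiler: it backdoors login and re-inserts itself whenever
    it recognises compiler source, so the trojan survives recompilation
    even though it appears nowhere in any source."""
    if not compiler.family:
        raise ValueError("not a compiler binary")
    out_family = src[len("compiler-"):].split(":")[0] if src.startswith("compiler-") else ""
    code = codegen(compiler.family, src)
    if TROJAN_MARK in compiler.code:
        if src.startswith("login"):
            code += BACKDOOR
        elif src.startswith("compiler-"):
            code += TROJAN_MARK
    return Binary(code, out_family)


def naive_self_check(suspect: Binary, suspect_src: str) -> bool:
    """Rebuild the compiler from source with itself and compare with the
    installed binary.  An infected compiler reproduces itself, so it passes."""
    return run_compiler(suspect, suspect_src).code == suspect.code


def ddc_check(suspect: Binary, suspect_src: str, trusted: Binary) -> bool:
    """Diverse Double-Compiling.  stage1: build the suspect's source with an
    independent trusted compiler (bytes differ, behaviour is what the source
    says).  stage2: build the same source again with stage1.  If the suspect
    binary really corresponds to its source, its own self-build must be
    bit-identical to stage2; any difference means the binary does something
    the source does not.  Requires deterministic builds on both sides."""
    stage1 = run_compiler(trusted, suspect_src)
    stage2 = run_compiler(stage1, suspect_src)
    self_build = run_compiler(suspect, suspect_src)
    return stage2.code == self_build.code


def login_is_backdoored(compiler: Binary) -> bool:
    """Does login built with this compiler contain the backdoor?"""
    return BACKDOOR in run_compiler(compiler, LOGIN_SRC).code


def build_scenario():
    """Constructed: an honest A, an infected A with identical source, and T."""
    honest_a = Binary(codegen("A", COMPILER_A_SRC), "A")
    trojaned_a = Binary(codegen("A", COMPILER_A_SRC) + TROJAN_MARK, "A")
    trusted_t = Binary(codegen("T", COMPILER_T_SRC), "T")
    return honest_a, trojaned_a, trusted_t


if __name__ == "__main__":
    honest_a, trojaned_a, trusted_t = build_scenario()
    for name, c in (("honest A", honest_a), ("trojaned A", trojaned_a)):
        print(f"{name}: naive self-check passes={naive_self_check(c, COMPILER_A_SRC)}, "
              f"DDC passes={ddc_check(c, COMPILER_A_SRC, trusted_t)}, "
              f"login backdoored={login_is_backdoored(c)}")
```

The two compilers need only agree on the language, not on the bytes they emit; the comparison is between stage2 and the suspect's self-build, never between stage1 and the suspect. The check is only as good as the trusted compiler and the determinism of both builds: a non-reproducible compiler makes every DDC run fail, which is why reproducible builds are the precondition for knowing that a published binary matches its source at all.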