Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!decwrl!stanford.edu!BETA.LANL.GOV!gta
From: gta@BETA.LANL.GOV (Gail Anderson)
Newsgroups: comp.protocols.kerberos
Subject: Software Security
Message-ID: <9104112240.AA24903@beta.lanl.gov>
Date: 11 Apr 91 22:40:49 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 14

We are investigating how to go about moving our network authentication
to Kerberos.  As part of this, we must find means of assuring our
security people that software we get from the network does not include
intentional security holes.

Would it be possible for us to have a copy of your software change
control procedure or a statement of your integrity policies?  This would
provide assurance that your software is not modified between the time you 
approve it for distribution and the time we get it.  If you can provide 
this, it would greatly assist us and would ease the effort required to 
get approval to upgrade to Kerberos.

Thank you,
Gail Anderson