You are considering purchasing a VPN solution to protect your organization's information assets. The solution you are reviewing uses RFC-compliant and open-standards encryption schemes. The vendor has submitted the system to a variety of recognized testing authorities. The vendor does not make the source code available to testing authorities. Does this solution adhere to the secure design principle of open design?
A) No, because the software vendor could have changed the code after testing, which is not verifiable.
B) No, because the software vendor submitted the software to testing authorities only, and did not make the software available to the public for testing.
C) Yes, because the methods were tested by recognized testing authorities, and the source code is protected from vandalism.
D) Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection.
E) No, because if a software vendor refuses to reveal the source code for a product, it cannot comply with the open-design principle.

Question

Quizplus · Accepted Answer

The open-design principle states that the methods used to provide protection should be open and not rely on the secrecy of their internal mechanisms. The vendor has submitted the system to a variety of recognized testing authorities, which means that the methods have been tested by independent experts. The fact that the vendor does not make the source code available to testing authorities does not violate the open-design principle, as long as the methods themselves are open and verifiable.

You Are Considering Purchasing a VPN Solution to Protect Your