[kryten]

And before someone else says this is bollocks, I've worked at a company with shared source access to Windows and there are still bits you can't get at like the CSP implementations so there may still be stuff like that in there.

No open review for any crypto functions in Windows is possible.

That's basically a fucking massive red flag.

[tptacek]

The Windows source code is the most comprehensively reverse engineered codebase in the world. Virtually every software security firm and every security product company has someone on staff who has the lay of the land for the kernel, services, and drivers. Even if Microsoft didn't publish most of the debug symbols for the OS, which they do, it'd still be the best understood closed source codebase in the world.

The likelihood of them hiding backdoors in software that you don't know about simply because some company you worked at that had access to some of their actual source code didn't have all that source code is low.

[kryten]

You underestimate the problem.

Look at just chrome for example, which I've posted my rationale for here:

https://news.ycombinator.com/item?id=6035091

Not a chance in hell.

[tptacek]

I don't understand your comment. Mine was a statement of fact. Your assessment of the information density of Chrome versus that of the human genome was comprehensively debunked.

[kryten]

there are no facts in your comment. Please cite your sources. Not only that, my hypothesis hasn't been debunked or disproved.

[wglb]

Well, there is a complete disassembly of windows code used to re-implement it: http://en.wikipedia.org/wiki/ReactOS.

Have you attempted reversing code?