The company I work for is a Fortune 500 company and does a lot of in-house development instead of paying for commercial software. Recently they implemented their own custom-built firewalls based on Linux and are in the process of eliminating firewalls from third-party vendors. It is my understanding there was one individual who developed the firewall, and I have no knowledge of vulnerability testing or debugging procedures.
Has anyone ever heard of a company doing something like this before? Apparently the reason cited is that third-party vendors don't offer firewalls that provide what they want to do (what that is I don't know).
I realize third-party vendors such as PIX, NetScreen, and FireWall-1 are closed source, but likely go through thorough and rigorous testing and probably hire security consultants for testing before and after releases. However, how can a company create a firewall in-house and be reasonably certain it will protect them in a way a commercial one can't? Even the code from PF, IPFW, and IPF is released and if there are bugs, they would be found and patched.
It just seems to be an ill-advised "adventure" to me. I'd be interested to hear others' thoughts and opinions.