Comment 261 Some rather obvious conclusions


The future of opensource security


Some rather obvious conclusions (Score: 1)

by on 2014-06-19 00:27 (#261)

1. Monocultures are bad, whether it's proprietary software with IE 6, or open source with OpenSSL. When one software product has 90 percent market share year after year, be afraid.

2. "With a million eyes, all bugs are shallow" turns out to be BS when it comes to complex code, which certainly includes infrastructure that implements cryptographic and security protocols.
Bugs in the TFA and TFS at Slashdot/Soylentnews/Pipedot, OK, the crowd can be counted on to point out those.

3. Open source might be even *more* vulnerable than proprietary software to security vulnerabilities, because the source code is so easily obtainable in readable form, no reverse engineering necessary. Just as door locks keep the casual thieves away, "security by obscurity" raises the acquisition costs for potential attackers. This just means that the open source community has to be more vigilant than their closed source counterparts, not less.
