Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Worthless article.

Story: Is Open Source Too Open for its Own Good?

Total Replies: 0

Author	Content
r_a_trip Feb 19, 2010 6:34 AM EDT	Glyn seems to be in need of clicks. While the basic questions are in themselves valid, the onesided framing of these questions in relation to FOSS is not. It is universal to ask if we can trust code, can trust people or organizations. This is equally valid for FOSS and CSS. Glyn is trying to paint a picture in which it seems that being open makes these areas of concern particularly pertinent to FOSS. In reality it doesn't matter if code is open or closed when it comes to trusting people or organizations. Trust of people/organizations is not inherent to the actual software. It is a judgment call outside of lines of code. When it comes to the potential of backdoors lurking is source code... It is possible, but in the case of FOSS it must be highly sophisticated, because any malware needs to hide in plain sight. The code is out in the open and everyone can vet through it. Contrast this to CSS, where only the entity writing the code can see it. In theory it must be far easier to compromise closed source software. The number of people working on it is relatively small and it only takes one act of successful corruption to get malicious code embedded into it. When it's there, no one else from the outside can check if the code is safe and uncorrupted. I think it is time to put the corpse of "security by obscurity" on the pyre once and for all.

Author

Content

r_a_trip

Feb 19, 2010
6:34 AM EDT

Glyn seems to be in need of clicks. While the basic questions are in themselves valid, the onesided framing of these questions in relation to FOSS is not. It is universal to ask if we can trust code, can trust people or organizations. This is equally valid for FOSS and CSS.

Glyn is trying to paint a picture in which it seems that being open makes these areas of concern particularly pertinent to FOSS. In reality it doesn't matter if code is open or closed when it comes to trusting people or organizations. Trust of people/organizations is not inherent to the actual software. It is a judgment call outside of lines of code.

When it comes to the potential of backdoors lurking is source code... It is possible, but in the case of FOSS it must be highly sophisticated, because any malware needs to hide in plain sight. The code is out in the open and everyone can vet through it. Contrast this to CSS, where only the entity writing the code can see it.

In theory it must be far easier to compromise closed source software. The number of people working on it is relatively small and it only takes one act of successful corruption to get malicious code embedded into it. When it's there, no one else from the outside can check if the code is safe and uncorrupted.

I think it is time to put the corpse of "security by obscurity" on the pyre once and for all.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!

Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

Today's Big Story

LXer Features

Have something to say?

Latest Discussions

Site Menu

Other News

Worthless article.

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software

Login

Today's Big Story

LXer Features

Have something to say?

Latest Discussions

Site Menu

Other News

Worthless article.

Linux News
The world is talking about GNU/Linux and Free/Open Source Software