
Re: [News] Why Open Source and Security are Synonymous

Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> wrote:
> 
> There is a mental barrier. People naturally think that closed=secure and
> open=exposed. In reality, it's the very opposite.

Yup, I've discussed this exact thing in lectures and training sessions
I've taught.  It's sometimes a difficult concept for people to absorb,
that secrets can actually make you vulnerable.

It's like those bicycle locks that can be popped open with a Bic pen.
As soon as the secret became widely known, those locks became useless,
requiring a lot of people to buy entirely new locks (and probably more
than a few people having their bikes stolen).

Closed source allows companies to hide their flaws, giving customers a
false sense of security... until some clever person with a disassembler
cracks it and posts the secret to the l33t-malware-dev mailing list or 
some such.

The many eyes of open source peer review mean flaws are found and
patched much more quickly.  The only thing you should ever have to
keep secret is your password or encryption key.  If cracked, it is
much more easily replaced than the software that uses it.

Cheers,

Thad


