Friday 14 January 2011

Open Source and Security

Just a quick brief note - as again I have been riled by someone claiming that closed source is inherently more secure, because with open source an attacker "knows more about the underlying architecture"

In simplest terms, being able to knit does not make counterfeiting a particular jumper any easier - knowing the source code of a product should not provide an attacker any more capabilities than a similarly secure (or otherwise) closed source product.

In fact, I believe a fair amount of complacency comes with developing closed source code leading to more difficulty in creating inter-operable applications and the potential for a greater number of security vulnerabilities.

Ok, rant over...