[nycbug-talk] interesting read
alex at pilosoft.com
alex
Sat May 21 14:31:56 EDT 2005
On Sat, 21 May 2005, Dru wrote:
> >> Go back to the original URL. Open source is not a product.
> > Did I say it was? I said, "open source licensing is not beneficial for
> > a life-critical application".
>
> Why? At first glance, this sounds like the argument "open source
> licensing is not beneficial for security applications". If that's not
> what you mean, please clarify.
Hrm. Well, those are different things. Open source for security apps is a
double-edged sword - the downside is the 'obscurity' factor of security is
removed. Obscurity is an excellent defense against poorly-funded and/or
poorly-motivated attackers. Of course, the benefit is that [hopefully]
many eyes will spot the bugs and the end product will end up more secure.
Open-source for life-critical applications is simply irrelevant: When
there are human lives on the line, you don't really care about the ability
to recompile and redistribute the source - you either trust the maker of
the software or you don't. If you don't trust the maker and end up
"fixing" the software, that's recipe for disaster.
-alex
More information about the talk
mailing list