Help Net Security: Security in Open versus Closed Systems - The Dance of Boltzmann, Coase and Moore
Jul 09, 2002, 23:30
(Other stories by Ross Anderson)
[ Thanks to LogError for this link. ]
"Some members of the open-source and free software community
argue that their code is more secure, because vulnerabilities are
easier for users to find and fix. Meanwhile the proprietary vendor
community maintains that access to source code rather makes things
easier for the attackers. In this paper, I argue that this is the
wrong way to approach the interaction between security and the
openness of design. I show first that under quite reasonable
assumptions the security assurance problem scales in such a way
that making it either easier, or harder, to find attacks, will help
attackers and defendants equally. This model may help us focus on
and understand those cases where some asymmetry is
introduced..."
Complete Story
(with link to 13-page PDF white paper)