The author argues that the ultimate solution to real-world security
concerns is Open Source software: when things are open, security
can be verified.
"So I believe, ultimately, for security to be real, it must be
'open sourced.' This concept involves distributing the instructions
making up an application with the finished program itself. In this
way, the processes underpinning an e-commerce transaction can be
made transparent, not just what is being done on your system but how
it is being done, open to inspection by all. (Of course the
information involved in the trades themselves is kept
private.)"
"Even if an open-source security regime were to prevail in the
end, this does not mean high-security software would be free of
cost or freely distributed. Open source is not free software in the
GNU/Linux sense of the word. However, if you're an e-commerce
security vendor, making money out of open-source code is still much
tougher, hence the resistance to do so. Although the software can be
restrictively licensed, enforcing those rights is difficult because
end-users can easily modify the code to get around features such as
registration dialogs. Then there is the small matter of competitors
seeing exactly how a product works and copying hard-won research
and development in an instant. I'll admit, technically speaking,
the concept is good but the business model stinks."
"And the open-source approach is not going to help Johnny
Six-pack running a hotel, either. He isn't interested in learning
how to compile applications for himself in order to secure his
e-commerce transactions. What he needs is an honest broker or agent
who will look after the whole security headache for him. Now we're
talking security as a service, which is what people really want.
After all, they hire security guards to watch over their shopping
centres already, don't they?"