Linux Today: Linux News On Internet Time.

CNET News.com: Net security: An oxymoron (interview with Peter Neumann)

Oct 19, 2001, 13:30

[ Thanks to David Walser for this link. ]

How do you respond to the argument that open-source systems are by their nature insecure because their source code is exposed?

If you have a weak system, it can be compromised without knowledge of the source code. If you look at the history of security flaws, most of them are found without any knowledge of the source code. The idea of putting your head in the sand and pretending that your system is secure when it isn't has been demonstrated to be utterly ridiculous. It's what's known as "security by obscurity," and it has serious defects.

[Every time you raise the bar with technology, the attackers can raise the bar with anti-technology, or even technology itself.] The open-source movement is not inherently guaranteed to come up with secure software unless there is significant discipline in the development, distribution, operation and administration of the resulting systems. So it's important to realize that we have a lot of weak links, all of which have to be addressed. The idea that hiding the source code is going to solve the problem is utterly ridiculous.
