If your software relies on being closed source for security, you have no security. It’s that simple.
Having your thing open source enables people to point out its issues, which enables people to fix those issues. Of course, OSS can still have issues, but they can be discovered more easily.
ourob@discuss.tchncs.de 1 year ago
Some software is absolutely more secure for being open source. There’s a reason why popular cryptographic libraries tend to be open, even those used in military applications.
If the security of your software component relies on an attacker not having access to your source, then your component is only secure until someone reverse engineers it and figures out how it works, at which point it is entirely compromised on all systems it’s deployed to.
So you need something else to provide security besides obscuring how the software works. In cryptography, that comes from a large, highly random encryption key. The reason that your online bank transactions are safe from an attacker snooping on your network is because, even having the full source code to the crypto libraries, it would take a computer longer than the age of the universe to guess the encryption key through brute force.
The benefit of open source is that it gets a lot more eyes on the code to find flaws and vulnerabilities - and to verify that the software does what the vendor claims, which is very much not always a given.
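To make the point in the comment above concrete, here is an added example (not code from this thread, and not any real library's implementation): a toy keyed cipher whose algorithm is entirely public, an expected brute-force estimate under assumed figures (13.8 billion years for the age of the universe, 1e18 guesses per second for the attacker), and a small-key enumeration showing that the key size, not secrecy of the algorithm, is what carries the security.

```python
# Added illustration, not code from this thread: a public algorithm with a random
# key, and what happens to the same public algorithm when the key is tiny.
import hashlib
import hmac
import secrets

# Assumed figures, labelled as such: ~13.8 billion years, 1e18 guesses per second.
AGE_OF_UNIVERSE_SECONDS = 13.8e9 * 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1e18


def keystream(key: bytes, length: int) -> bytes:
    """Public algorithm: keystream block i = HMAC-SHA256(key, i). Nothing hidden."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def keyed_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts. Only the key is secret."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def expected_brute_force_seconds(key_bits: int, guesses_per_second: float) -> float:
    """Expected work to hit a uniformly random key is half the key space."""
    return (2 ** key_bits / 2) / guesses_per_second

def exceeds_age_of_universe(key_bits: int, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> bool:
    """True when even the assumed attacker cannot finish within the universe's age."""
    return expected_brute_force_seconds(key_bits, guesses_per_second) > AGE_OF_UNIVERSE_SECONDS

def recover_small_key(ct: bytes, known_pt: bytes, key_bits: int) -> bytes:
    """Enumerate a tiny key space given one known message: this is what a design
    with a leaked algorithm and a weak key reduces to. Infeasible for 128 bits."""
    nbytes = (key_bits + 7) // 8
    for candidate in range(2 ** key_bits):
        key = candidate.to_bytes(nbytes, "big")
        if keyed_encrypt(key, ct) == known_pt:
            return key
    raise ValueError("key not found")

if __name__ == "__main__":
    msg = b"transfer 100 EUR to account 42"  # constructed sample message
    key = secrets.token_bytes(16)            # 128-bit random key
    assert keyed_encrypt(key, keyed_encrypt(key, msg)) == msg
    print("128-bit key out of brute-force reach:", exceeds_age_of_universe(128))
    tiny = secrets.token_bytes(2)            # 16-bit key, same public algorithm
    print("16-bit key recovered:", recover_small_key(keyed_encrypt(tiny, msg), msg, 16) == tiny)
```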