Comment on Do You Speak Droidish? The Pentagon Is Spending Millions On A Language For Drones

ourob@discuss.tchncs.de 1 year ago

Some software is absolutely more secure for being open source. There’s a reason why popular cryptographic libraries tend to be open, even those used in military applications.

If the security of your software component relies on an attacker not having access to your source, then your component is only secure until someone reverse engineers it and figures out how it works, at which point it is entirely compromised on all systems it’s deployed to.

So you need something else to provide security besides obscuring how the software works. In cryptography, that comes from a large, highly random encryption key. The reason that your online bank transactions are safe from an attacker snooping on your network is because, even having the full source code to the crypto libraries, it would take a computer longer than the age of the universe to guess the encryption key through brute force.

The benefit of open source is that it gets a lot more eyes on the code to find flaws and vulnerabilities - and to verify that the software does what the vendor claims, which is very much not always a given.
