DrewWilson
April 24th, 2009, 11:12 PM
If you are like me, and you have been involved in cryptography and Cyber Security for a long time, it's obvious to you that commercial open source code is more secure. As a matter of fact, in the late 90s, many of the Intelligence agencies mission systems and the DoD tactical systems moved to open source ONLY to improve security. Today, the majority of the critical systems in the Intelligence agencies (the people that care most about Cyber Security) run on open source operating systems like Solaris and Linux. The same is true of places like the FAA, IRS, and a whole lot of other organizations that care about security.
We have a saying in the world of Cyber Security: Security through obscurity, isn't. However, to many, it may not be so obvious, so let me walk you through some of the reasons that commercial open source software tends to be more secure, then I will give you some data at the end to back it up.
First of all, you need to look at the supply chain issues. The reality is today, that ALL software is written globally. You need to deal with the fact that Microsoft, Oracle and IBM software is written in India, China, and Russia. In fact, the majority of all software, open or not, is written all over the world. By making the code open source, nothing can be hidden in the code. If the Trojan Horse was made of glass, would the Trojans have rolled it into their city? NO. Open governments are more secure for their citizens, and open source software is more secure for anyone running it. Public scrutiny is a beautiful thing. Just look at free press in this country and open government. We want and need security, peace and tranquility for our citizens. The founders of this country based our government on openness. Open Source enables security. It's pretty obvious when you think about it.
I'm not the only one saying that, of course. One recent examination is in the light of large scale computer intrusions detected coming from a PRC based hacker group. This week the New York Times and CNET ran a story by John Markoff titled "Vast Spy System Loots Computers in 103 Countries" which details these attacks. In a related technical report issued by the University of Cambridge, "The snooping dragon: social-malware surveillance of the Tibetan movement", on this widespread series of attacks, researchers point out many ways these threats could have been mitigated, including strong endorsement of open source SE Linux and Trusted Open Solaris.
More... (http://blogs.sun.com/BVass/entry/the_no_1_reason_to)
:reporter: