Here's an interesting discussion in the Open vs Closed Source debate -
it's
one of Ross Andersons' papers at
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf
Abstract:
---------
Some members of the open-source and free software community argue that their
code is more secure, because vulnerabilities are easier for users to find
and fix. Meanwhile the proprietary vendor community maintains that access to
source code rather makes things easier for the attackers. In this paper, I
argue that this is the wrong way to approach the interaction between
security and the openness of design. I show first that under quite
reasonable assumptions the security assurance problem scales in such a way
that making it either easier, or harder, to find attacks, will help
attackers and defendants equally. This model may help us focus on and
understand those cases where some asymmetry is introduced.
However, there are more pressing security problems for the open source
community. The interaction between security and openness is entangled with
attempts to use security mechanisms for commercial advantage {to entrench
monopolies, to control copyright, and above all to control interoperability.
As an example, I will discuss TCPA, a recent initiative by Intel and others
to build DRM technology into the PC platform. Although advertised as
providing increased information security for users, it appears to have more
to do with providing commercial advantage for vendors, and may pose an
existential threat to open systems.
---------
Anyone with an interest in security will probably find many other
papers in
the root directory interesting too...
Edmund Cramp
--
http://www.emgsrus.com/graffiti.htm
