On Thu, 2004-02-12 at 20:15, will hill wrote:
<SNIP>
> That available source code makes software less secure is an old lie that
> should not be repeated.

I think you have your wires a bit crossed on this one, Will. Having the source code to a piece of software leaves it wide open for abuse. HOWEVER, among the open source community, there is a wider array of individuals who can (and will) check out the code and seek out potential exploitable holes (your aforementioned security audit).

For example, if I wanted to know exactly how the Windows messenger system worked, having the source code to Windows would show me how it does its thing. That would give me all the information that I need to know about its protocols, handshaking information, etc. and who knows what I could do from there...spy on IPs...pose as other people...become a real nuisance, etc.

Another example would be a deeper understanding of Windows' network file structure, and how it handles shares across a network. Imagine what I could do if I knew -everything- that there was to know about that...

I know it's a common sentiment among the open source community to militantly defend against the notion that available source code makes software less secure, but the only defense is in the efforts of the open source community to audit software that is available.

-=D
