On Tue, Feb 19, 2013 at 1:00 PM, Adam Fisk <[email protected]> wrote:

>
> There are just so many aspects that go into software licensing that I
> just don't draw that same line. If the goal is secure code, I again
> think the key is having an adequate number of capable people analyzing
> and dissecting that code on a constant basis. That can mean closed
> source code audits, and it can mean having a full-time security team
> analyzing and improving the code at all times (Google, Facebook, many
> others) regardless of the software license. Open source is awesome,
> and I believe in it wholeheartedly, but I don't think if an
> organization doesn't open source their code they're automatically
> crazy and kicked out of the club.
>

Just a small clarification here: Trust via policy or word-of-mouth is not
the same as trust via source code review. "We're secure, trust us" is not
the same as "we're secure, see for yourself." So they're not "automatically
crazy", but they're just saying "trust us" instead of "see for yourself",
which I believe is not enough.


>
> -a
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>