On 2020-05-10 00:09, Karl Auer wrote:
>> We are releasing the app code, but to ensure the privacy of individuals and
>> integrity of the overall system, the code that relates to the COVIDSafe
>> National Information Storage System will not be released.
>
> Why not? If it is secure, no amount of inspection will make it less so. If
> it is not secure and they don't know it, the fastest way to find out is to
> let lots of eyes look at it. And if it is not secure and they DO know it,
> then believing that hiding the code will somehow protect the system is
> dangerously, foolishly naive. Three words that pretty well sum up the
> Australian Government's when it comes to large-scale IT.

Reliance on security-by-obscurity will probably end in tears. I presume security of CovidSafe user data will ultimately depend on the devices' O/S but I'm not qualified to make any guesses there. However China will probably reverse-compile the downloadable App in short order anyway. Withholding part of the code only reduces the government's credibility even further. As a strategy to whitewash back doors and spyware, it's at least 25 years old: release most of the code to display innocent goodwill but not the bit that counts.

David Lochrin

_______________________________________________
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link