On Sat, Aug 16, 2014, at 11:21 PM, Christopher Nielsen wrote:
2. It is probably open source.
What makes you think open source will save you? All the eyeballs looking at the code? That was proven a false sense of security when Heartbleed was announced.
Can we please stop perpetuating that Open Source is the less secure option? Linus said "given enough eyeballs, all bugs are shallow", he didn't say "all bugs are non-existent".

Given an open source program, it can be accountable by anyone. If there is a bug, it can be patched. If there is a deliberate backdoor, it can be pointed to as an example of why to completely abandon the program and mark the developer as tainted forever.

Given a proprietary program, it is accountable to the supplier and you have no other option. If there is a bug, all you can do is hope for a patch. If there is a deliberate backdoor, all you can do is hope that someone will spot it if it is ever reverse engineered.

In other words:

- Open Source: "trust, but verify"
- Proprietary: "trust, and have faith in the supplier"

Given the current Snowden climate, you would be naive to choose a proprietary option. Prove me wrong.

Alfie

--
Alfie John
alfiej@fastmail.fm