

Explanation of Why Open Source isn't Inherently More Secure - briansmith

http://theinvisiblethings.blogspot.com/2009/01/closed-source-conspiracy.html
======
DanielStraight
I don't think the author completely gets it.

Here's a sample of a Microsoft EULA:

""" LIMITATIONS ON REVERSE ENGINEERING, DECOMPILATION, AND DISASSEMBLY. You
may not reverse engineer, decompile, or disassemble the Software, except and
only to the extent that such activity is expressly permitted by applicable law
notwithstanding this limitation. """

Have you actually looked up those laws to know if what you're doing is legal?
Would you be willing to bet on your ability to interpret legal code? I sure
haven't and sure wouldn't. I'm not interested in putting myself in a position
where I might have to fight Microsoft in a legal battle. I can already tell
you who will win that one. Billions of dollars almost always wins.

Also, if there is a bug in Excel that you find problematic, there's nothing at
all you can do about it except stop using Excel. If you're using open source,
you can fix it and get on with your work.

The author also points to an issue that existed with Debian for about 2 years.
In open source terms, that's an extremely long-lived bug. If security is a
huge issue for you (and it isn't for most computer use cases), use OpenBSD,
where security bugs are fixed almost immediately. Even so, I have to ask, how
long is the longest a security hole has remained open in Windows (that's
assuming you don't consider Windows itself a security hole, and I'm not sure
you can be so generous)? How would you even know? Do you think Microsoft is
going to tell you, "Oh yeah, we had this huge security bug for about 10 years
that we finally fixed up?"

Finally, the author is attacking a straw man anyway:

""" I only resist the open-source fundamentalism, that defines every
proprietary software as inherently insecure, and everything open source as
ultimately secure. """

Who actually thinks that everything open source is automatically secure? No
one. Here's some open source code for backing up your computer: "rm -rf /".
Show of hands, who thinks this is secure system backup software?

(Just in case you don't know any better, DO NOT FOR ANY REASON RUN "rm -rf /"
ON A UNIX-BASED MACHINE.)

The argument that people actually make is that open source software has a
tendency to be more secure... that the culture is more inclined to produce
secure software. If you attack that instead of a straw man, you'll have a much
harder time.

------
s2r2
[http://theinvisiblethings.blogspot.com/2009/01/closed-source-conspiracy.html](http://theinvisiblethings.blogspot.com/2009/01/closed-source-conspiracy.html) clicky

~~~
briansmith
Thanks. Apparently I suck at the internet.

