open-source vs proprietary security software
skribe
skribe@amber.com.au
Sat Mar 17 05:13:02 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 17 Mar 2001 11:09, Karol Pietrzak wrote:
> hello.
> i'm trying to explain (if not convert) to my friend why open-
> source security software is better than proprietary and am
> trying to develop concrete and specific evidence. i know the
> standard arguments for and against, but i need more. for
> concrete examples, i have the resignation of phil zimmermann and
> the recent choice of nai not to release full source code of pgp.
> anyone have any other ideas?
It's a question of numbers. The more eyes that see your code the greater the
chance that you'll find the holes. With proprietary code you're limited to
who you can afford to hire to look at your code. If you can only afford to
hire Fil Zimmaman, MCSE, as opposed to Phil Zimmermann, GOD, then the
potential for missing security holes is considerably greater. The other
reason is cost. Phil Zimmermann (or hundreds of equally qualified people) may
choose to peruse your code and offer advice and in all likelihood it will
cost you nothing. That's the sort of experience and knowledge that generally
only the big corps can afford.
skribe
Public key available from http://www.amber.com.au/~skribe/skribe.public.gpg
Private key available by appointment only =).
- --
I'm sitting on my SPEED QUEEN ... To me, it's ENJOYABLE ... I'm WARM
... I'm VIBRATORY ...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6suQMDgXczVqI6KQRAhiuAKCECytzH4xfXuA63YKHppAXbOHfMQCfQLDj
oBdLDuOivfXmIrBAkXSwtmQ=
=HE5X
-----END PGP SIGNATURE-----