open-source vs proprietary security software
Sat Mar 17 05:13:02 2001
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 17 Mar 2001 11:09, Karol Pietrzak wrote:
> i'm trying to explain (if not convert) to my friend why open-
> source security software is better than proprietary and am
> trying to develop concrete and specific evidence. i know the
> standard arguments for and against, but i need more. for
> concrete examples, i have the resignation of phil zimmermann and
> the recent choice of nai not to release full source code of pgp.
> anyone have any other ideas?
It's a question of numbers. The more eyes that see your code the greater the
chance that you'll find the holes. With proprietary code you're limited to
who you can afford to hire to look at your code. If you can only afford to
hire Fil Zimmaman, MCSE, as opposed to Phil Zimmerman, GOD, then the
potential for missing security holes is considerably greater. The other
reason is cost. Phil Zimmerman (or hundreds of equally qualified people) may
choose to peruse your code and offer advice and in all likelihood it will
cost you nothing. That's the sort of experience and knowledge that generally
only the big corps can afford.
Public key available from http://www.amber.com.au/~skribe/skribe.public.gpg
Private key available by appointment only =).
I'm sitting on my SPEED QUEEN ... To me, it's ENJOYABLE ... I'm WARM
... I'm VIBRATORY ...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----