open-source vs proprietary security software

Sat Mar 17 05:13:02 2001

Hash: SHA1

On Sat, 17 Mar 2001 11:09, Karol Pietrzak wrote:

> hello.
> i'm trying to explain (if not convert) to my friend why open-
> source security software is better than proprietary and am
> trying to develop concrete and specific evidence. i know the
> standard arguments for and against, but i need more. for
> concrete examples, i have the resignation of phil zimmermann and
> the recent choice of nai not to release full source code of pgp.
> anyone have any other ideas?
It's a question of numbers. The more eyes that see your code the greater the chance that you'll find the holes. With proprietary code you're limited to who you can afford to hire to look at your code. If you can only afford to hire Fil Zimmaman, MCSE, as opposed to Phil Zimmerman, GOD, then the potential for missing security holes is considerably greater. The other reason is cost. Phil Zimmerman (or hundreds of equally qualified people) may choose to peruse your code and offer advice and in all likelihood it will cost you nothing. That's the sort of experience and knowledge that generally only the big corps can afford. skribe Public key available from Private key available by appointment only =). - -- I'm sitting on my SPEED QUEEN ... To me, it's ENJOYABLE ... I'm WARM ... I'm VIBRATORY ... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see iD8DBQE6suQMDgXczVqI6KQRAhiuAKCECytzH4xfXuA63YKHppAXbOHfMQCfQLDj oBdLDuOivfXmIrBAkXSwtmQ= =HE5X -----END PGP SIGNATURE-----