open-source vs proprietary security software

Johan Wevers
Sat Mar 17 12:09:00 2001

You, skribe, wrote:

>It's a question of numbers. The more eyes that see your code the greater
>the chance that you'll find the holes.
That is one thing, although it might not be perfect too (remember the false positive gpg could give on multiple signatures). The main reason is thrust. With closed-source solutions one can add backdoors knowingly and have a reasonably chance of getting away with it for some time. Lotus Notes and the products of Crypto AG are well-known examples where this happened in practice. The discussions about the proposed NSA-key in the windows signing system are another. -- ir. J.C.A. Wevers // Physics and science fiction site: // PGP/GPG public keys at