open-source vs proprietary security software
Sat Mar 17 12:09:00 2001
You, skribe, wrote:
>It's a question of numbers. The more eyes that see your code the greater
>the chance that you'll find the holes.
That is one thing, although it might not be perfect too (remember the false
positive gpg could give on multiple signatures).
The main reason is thrust. With closed-source solutions one can add
backdoors knowingly and have a reasonably chance of getting away with it for
some time. Lotus Notes and the products of Crypto AG are well-known examples
where this happened in practice. The discussions about the proposed NSA-key
in the windows signing system are another.
ir. J.C.A. Wevers // Physics and science fiction site:
firstname.lastname@example.org // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html