Prepend
2008-07-17
  Open Source Secure Projects
A client I work with mentioned that, for high security-related projects, developing them in an open source way will actually decrease the security provided by the project. The idea is that if anyone can see the architecture and code while it is being developed, they can prepare to compromise the security. This made sense at the time and I nodded, but after chewing on it for a few weeks I think this is not the case at all.

There is certainly the argument that implementations are not open source. Of course that makes sense as no one will open up the server configs, passwords, private keys, etc. But the actual software that is used within an implementation gets more secure if developed as open source software.

So here's the short list off the top of my head of security related open source projects that are pretty widely used:


Of course others have written on this subject and pretty much conclude that not only does OSS improve a project's security, not being OSS is quite a large vulnerability.

Technical and personal notes from Brian Lee, technologist/enterprise architect/software developer/soa guy.
