Friday, December 27, 2013

Open-source makes this world less subverted

For those who don't know it yet: Bruce Schneier summarizes and comments on hot topics in his monthly mailing-list-based blog, covering topics from the security world that often reach beyond the borders of IT. I honestly recommend it to everyone who cares about security at least a bit.

In recent months the NSA has become topic #1, and Bruce has given us several shorter stories from a world that seems not very close to the ordinary internet user. Well, those stories actually are quite close, but almost nobody is aware of it.

I mean, how many Facebook users realize that everything they say there is, practically and without exaggeration, "logged" by US intelligence agencies? The same holds for many other web services, providers and even the biggest software developers.

How is this done in practice? Leaving aside subverted security protocols or algorithms, applications like Gmail or Facebook simply include some kind of back door. Right, nothing bigger than what we can see in ordinary Hollywood movies.

We may not yet be at the point where we can say what this data is used for in practice, but anybody, including movie script writers, can imagine exciting stories, so I'm already looking forward to the new movies.

But what is my point, actually? Bruce's post from November mentions many ideas, but the one I like the most is this:

"A closed-source system is safer to subvert, because an open-source system comes with a greater risk of that subversion being discovered. On the other hand, a big open-source system with a lot of developers and sloppy version control is easier to subvert."

This is one idea I'd like to share before the year ends, since everybody who cares about security should keep this value of open-source software in mind. Let's make this world less subverted using open source!

See other opinions as well in Bruce's November posting.