Subject: Re: anti/Law
From: Dean Brettle <dean@brettle.com>
Date: Wed, 14 Apr 1999 11:01:36 -0700

Rich Persaud wrote:
>
> The argument that closed source leads to better security is analogous to
> the argument that prohibition prevents the prohibited behavior.  Deterrence
> only deters casual troublemakers. Prohibition creates an elite group who
> acquire the skills to escape detection and/or capture.  It encourages
> covert conflict between humans.  Take a small child and tell them that a
> particular behavior is not prohibited.  Their desire to engage in that
> behavior will skyrocket.

Interesting analysis.  I agree:

	Open source -> more potential attackers but less desire to attack
	Close source -> less potential attackers but more desire to attack

However, you then say:

> 
> Open source lets a non-specialist exploit security weaknesses, increasing
> your statistical chance of being attacked.  This additional testing volume
> increases the priority of getting the problem fixed.

Given what you said before it isn't clear whether open source increases
your chances of actually being attacked.  Open source does however
produce a larger group capable of preventing or responding to an
attack.  I suspect that would-be attackers know this and are therefore
even *less* likely to attack.

Our reasoning is different but the result is the same:  Open source
leads to better security.

-- Dean

+--------------------------------------------------------------------+
|    Dean Brettle Computer Consulting     http://www.brettle.com/    |
|      Contract development and support of software and systems      |
+--------------------------------------------------------------------+