These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Security Versus Obscurity


One of the great things about most Unix systems is that they include a large amount of Open Source software. To someone new to the concept, it may seem counterintuitive that this can be a good thing for security.

Cryptologists have a mantra: "Security is not obtained through obscurity." Given how persuasive and pervasive this assertion is, it is remarkable how many well- or ill-meaning novices (and product advocates) fail to get it.

People often become convinced that they can enhance the security of their protocol, algorithm, or application by not letting the public know how the thing works. This specious reasoning concludes that if the bad guys (perhaps meaning "competitors") do not learn the details of how a protocol, algorithm, or application works, they will not be able to break it. Or perhaps these naive folks simply think that their whiz-bang new algorithm is so novel and brilliant that hiding it will keep people from stealing their ideas. Either way, security through obscurity ranks up there with belief in the tooth fairy in terms of scientific merit.

Many eyes versus a few

From a bug and security-hole perspective, Open Source software is a very good idea. Instead of a small team of testers and debuggers trying to find holes and bugs in a given piece of software, you can have hundreds, thousands, or even millions of people hammering away at it.

When a new bug or hole is found, any technically minded person in the software community can legally fix it and distribute a patch. This means that, usually within a matter of hours, a hole in a major system component will be plugged and a fix will be available. Even if you are not comfortable applying that fix by hand, your Unix/Linux vendor will likely release an "approved" version of it in your favorite, easy-to-install format within a few days, because 90% of the work has already been done.

Quite honestly, when this is taken into account, you really cannot expect even the wealthiest corporation in the world to afford to keep up with a testing and patching effort on that scale.



Last edited May 31, 2003 12:37 am (diff)
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.