How do you explain the security of open source to non-techs?

Simple:

If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world’s best safecrackers can study the locking mechanism – and you still can’t open the safe and read the letter – that’s security.

It’s an interesting analogy that non-technical people can understand. The problem, of course, lies with those who are ‘semi-technical’ – those who know what source code looks like but do not understand what can be done with it. They think they have some knowledge when in reality they do not. The problem is: how do you convince these people that they do not know enough to comment, without offending them (especially if they are a client of yours)?

The answer is simple: make sure you have securely configured their F/LOSS systems and invite them to have a penetration test carried out.

Post inspired by/stolen from Slashdot.
